Bug#583364: fail2ban: using named filter insecure
Hi, * Yaroslav Halchenko [2010-06-28 12:12]: > doh me -- I let your bug report stay without attention for so long. > Would you think that disabling / advising-against for named filter only > for UDP connections would be sufficient? IP spoofing in TCP is somewhat > elaborate and wider problem, so most of defensive mechanisms could be > said to be weak and prone to DoS, so I would like to prevent going wild > and stating that this filter (and possibly many others) is bogus > entirely, because hypothetically attack still could be crafted. Yes I agree, should be sufficient. Cheers Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0 For security reasons, all text in this mail is double-rot13 encrypted. pgpzi84EG7PYm.pgp Description: PGP signature
Bug#583364: fail2ban: using named filter insecure
doh me -- I let your bug report stay without attention for so long. Would you think that disabling / advising-against for named filter only for UDP connections would be sufficient? IP spoofing in TCP is somewhat elaborate and wider problem, so most of defensive mechanisms could be said to be weak and prone to DoS, so I would like to prevent going wild and stating that this filter (and possibly many others) is bogus entirely, because hypothetically attack still could be crafted. Thanks in advance for your feedback Cheers, On Thu, 27 May 2010, Nico Golde wrote: > Tags: security > Severity: important > Package: fail2ban > Hi, > here's the bug report now :) For reasons outlined in: > http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html > the named filter should be removed from the standard Debian installation. > Cheers > Nico -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] signature.asc Description: Digital signature
Bug#583364: fail2ban: using named filter insecure
Tags: security Severity: important Package: fail2ban Hi, here's the bug report now :) For reasons outlined in: http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html the named filter should be removed from the standard Debian installation. Cheers Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0 For security reasons, all text in this mail is double-rot13 encrypted. pgpMotIUu6ZqS.pgp Description: PGP signature