Am 17.02.2019 um 11:54 schrieb Gabor Kiss:
>> So, what can I do?
>> I know ths patch (which seems to be included in debian sks package) to
>> ignore one special malicious key, but that seems to not help about those
>> noted above. Is there a patch to add more keys to be ignored?
>> As some IPs requests the same KeyID over and over again (>100 reqs/day),
>> I do block those IPs with fail2ban.
>
> Fail2Ban is useful but I intentionally do not log where the requests
> come. Logging in the proxy is turned off.
>
I'm using nginx as reverse proxy and added this to the config:
if ( $args ~
"op=get&options=mr&search=(0x1013D73FECAC918A0A25823986CE877469D2EAD9|0x2016349F5BC6F49340FCCAF99F9169F4B33B4659|0xB33B4659|0x69D2EAD9)"
) {
return 444;
}
444: Connection Closed Without Response
Additonal i use fail2ban which triggers on the errorcode 444
> Gabor
Br
Andreas
>
> _______________________________________________
> Sks-devel mailing list
> Sks-devel@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/sks-devel
>
_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel
