When ZAP is used, libzmq gain information on possible ennemies. It may
be interesting to manage a EACCESS trigger counter per IP, in order to
be able to feed a fail2ban like list.
Rationals : Efforts are made in the code and has been argumented to
delay the costly operations in the curve protocol, to avoid some types
of attacks. So, it makes sense to delegate to the firewall via fail2ban
the rejection of ennemies.
Use case : For example, if an IP raises 3 EACCESS in less than 2
minutes, it is banned for one hour directly by the firewall.
This could be implemented via a STL map with the IP has a key, with a
value being a structure containing the counter, the state, a timestamp
of the last trigger, and alongside, a timestamp-ordered STL set of the
IP-keys. The state is true if the counter reaches a parametrisable level
(say 3 times). The number of IP memorized or the duration of the memory
SHALL be parametrisable.
It should be open to enable other conditions than ZAP EACCESS, for
future mechanisms, so, the API SHOULD be something like :
if (errno == EACCESS) record_ennemy();
in say the curve_server.cpp file.
In the background, a text file compatible with fail2ban is maintained.
_______________________________________________
zeromq-dev mailing list
[email protected]
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
