Doh me -- I let your bug report stay without attention for so long.
Would you think that disabling / advising against the named filter only
for UDP connections would be sufficient? IP spoofing in TCP is a somewhat
elaborate and wider problem, so most defensive mechanisms could be
said to be weak and prone to DoS, so I would like to prevent going wild
and stating that this filter (and possibly many others) is bogus
entirely, because hypothetically an attack still could be crafted.

Thanks in advance for your feedback

Cheers,

On Thu, 27 May 2010, Nico Golde wrote:

> Tags: security
> Severity: important
> Package: fail2ban

> Hi,
> here's the bug report now :) For reasons outlined in:
> http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
> the named filter should be removed from the standard Debian installation.

> Cheers
> Nico
-- 
                                  .-.
=------------------------------   /v\  ----------------------------=
Keep in touch                    // \\     (yoh@|www.)onerussian.com
Yaroslav Halchenko              /(   )\               ICQ#: 60653192
                   Linux User    ^^-^^    [175555]

