Whitelisting IP ranges: preventing DoS

Sun, 2005–Oct–30

Hi,

I like your answer to the ssh scanning attacks.

However, could I ask that you add a whitelisting feature?
For instance, as is added to this product: http://www.pettingers.org/code/sshblack.html#regex

The problem is that attackers could spoof the source IP address of ssh logon attempts to come from your own network, locking yourself out of your machine. This effectively is a Denial of Service, as your are unable to then connect to your own machine (it denies you service).

The simplest avoidance measure would be for BlockHosts to add a whitelisting feature, which prevented matching regexs from being blocked. This would mean that you could always guarentee to be able to connect to the server from that IP address.

Regards

Craig Macdonald

BlockHosts

Mon, 2005-10-31 16:22 — ac

Already available?

At least one form of whitelisting is already available, the file INSTALL in the distribution explains it, here's a snippet:

# see "man 5 hosts_access" for details of the format of IP addresses, #services, allow/deny options. Also see "man hosts_options" #order of lines in this file is important, first matched IP address line #is rule applied by hosts_access # # permanent whitelist addresses - these should always be allowed accessALL: 127.0.0.1 : allow ALL: 192.168.0. : allow# permanent blacklist addresses - these should always be denied accessALL: 10. : deny ALL: 192. : deny ALL: 172. : deny# ---------------------------------------- # next section is the blockhosts section - it will add/delete entries in # between the two marker lines (#---- BlockHosts Additions) ...

Sat, 2005-11-26 19:35 — Anonymous (not verified)

Could you provide a PoC

Could you provide a PoC about the spoofing part of your claim.

Sun, 2005-11-27 09:18 — ac

Which claim?

Not sure I understand - if you mean the discussion in the "Overview" section of the BlockHosts, that discussion
is carried much further, in detail, in the link provided there to the SSHD mailing list.

ACZoom · Archive-2016