[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Annoying malicious keys - any easy solution?
|
From: |
Todd Fleisher |
|
Subject: |
Re: [Sks-devel] Annoying malicious keys - any easy solution? |
|
Date: |
Sun, 17 Feb 2019 08:02:07 -0800 |
Do you (or others) see are any side effects to this approach? I’m particularly
wondering if it would cause your server to fall behind if it repeatedly closes
connections from its peers.
-T
> On Feb 17, 2019, at 3:00 AM, Andreas Puls <address@hidden> wrote:
>
>
>
> Am 17.02.2019 um 11:54 schrieb Gabor Kiss:
>>> So, what can I do?
>>> I know ths patch (which seems to be included in debian sks package) to
>>> ignore one special malicious key, but that seems to not help about those
>>> noted above. Is there a patch to add more keys to be ignored?
>>> As some IPs requests the same KeyID over and over again (>100 reqs/day),
>>> I do block those IPs with fail2ban.
>>
>> Fail2Ban is useful but I intentionally do not log where the requests
>> come. Logging in the proxy is turned off.
>>
>
> I'm using nginx as reverse proxy and added this to the config:
> if ( $args ~
> "op=get&options=mr&search=(0x1013D73FECAC918A0A25823986CE877469D2EAD9|0x2016349F5BC6F49340FCCAF99F9169F4B33B4659|0xB33B4659|0x69D2EAD9)"
> ) {
> return 444;
> }
>
> 444: Connection Closed Without Response
>
> Additonal i use fail2ban which triggers on the errorcode 444
>> Gabor
>
> Br
> Andreas
>>
>> _______________________________________________
>> Sks-devel mailing list
>> address@hidden
>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>
>
> _______________________________________________
> Sks-devel mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/sks-devel
>
signature.asc
Description: Message signed with OpenPGP