Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




 Post subject: Mod Evasive and ipv6
Posted: Mon Aug 15, 2011 3:46 pm
Forum Regular

Joined: Mon Oct 29, 2007 6:51 pm
Posts: 635
Hi,

I entered 2 new IPs into the /etc/asl/whitelist file - one IPv4 and one IPv6 - and then ran asl -f -s. When it checked the mod_evasive settings, the IPv4 address showed up as fixed but the IPv6 address didn't show up at all.

Does ASL or mod_evasive not support IPv6 addresses?

I added the ipv6 equivalent of a loopback/localhost address
Quote:
::1
0:0:0:0:0:0:0:1


In response to getting numerous emails from ossec saying that mod_evasive had blocked the ::1 address due to a DDoS

Received From: ehost-services201->/var/log/messages
Rule: 60205 fired (level 7) -> "Possble DoS attack"
Portion of the log(s):

Quote:
Aug 14 17:02:29 server.name mod_evasive[1043324]: Blacklisting address ::1: possible DoS attack.


 
 Post subject: Re: Mod Evasive and ipv6
Posted: Tue Aug 16, 2011 12:46 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7776
Location: earth
mod_evasive supports it. We don't though, or not in the whitelist anyway.


 
 Post subject: Re: Mod Evasive and ipv6
Posted: Wed Aug 17, 2011 1:35 pm
Forum Regular

Joined: Mon Oct 29, 2007 6:51 pm
Posts: 635
Well, looks like you got a new feature to add in, eh ;)


 
 Post subject: Re: Mod Evasive and ipv6
Posted: Wed Aug 17, 2011 11:40 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7776
Location: earth
I don't know that we can fix mod_evasive... that guy's kind of a nut.


 
 Post subject: Re: Mod Evasive and ipv6
Posted: Thu Aug 18, 2011 11:19 am
Forum Regular

Joined: Mon Oct 29, 2007 6:51 pm
Posts: 635
But you can add IPv6 support into your white/black lists though, right?


 
 Post subject: Re: Mod Evasive and ipv6
Posted: Mon Aug 22, 2011 1:19 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7776
Location: earth
We could, but there's no guarantee the downstream packages will work with it.


 
 Post subject: Re: Mod Evasive and ipv6
Posted: Thu Sep 29, 2011 12:23 pm
Forum Regular

Joined: Mon Oct 29, 2007 6:51 pm
Posts: 635
So in /etc/asl/whitelist I put in the IP ::1

I run asl -f -s

Then I check /etc/httpd/conf.d/mod_evasive.conf and it didn't add it.

So I go to /etc/httpd/conf.d/mod_evasive.conf and add in the whitelist line manually:
DOSWhitelist ::1

Then I run asl -f -s again, go back and check the /etc/httpd/conf.d/mod_evasive.conf file again, and the line is gone.

This basically goes along with what you have mentioned previously, but you can see that running asl -f -s removed my IPv6 address that I already had in there, which to me -- I don't care if it's loopback or not -- is a bad thing anytime you remove an IP address.
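
A check for the behaviour described in the post above, as an added example that is not part of the thread and not Atomicorp's code: it reports which addresses in a whitelist file have no matching DOSWhitelist directive after the configuration has been regenerated. The one-address-per-line whitelist format, the function names and the sample file contents are assumptions.

```python
import fnmatch
import ipaddress

# Constructed sample inputs, not taken from a real ASL install.
# Assumption: /etc/asl/whitelist holds one address per line.
SAMPLE_WHITELIST = "192.0.2.10\n::1\n0:0:0:0:0:0:0:1\n10.1.2.3\n"
SAMPLE_EVASIVE_CONF = """\
DOSPageCount 5
DOSWhitelist 192.0.2.10
DOSWhitelist 10.1.*.*
"""

def whitelist_addresses(text):
    """Parse whitelist text into ipaddress objects; ::1 and 0:0:0:0:0:0:0:1 merge."""
    addrs = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            addrs.add(ipaddress.ip_address(line))
    return addrs

def dos_whitelist_patterns(conf_text):
    """Return the arguments of every DOSWhitelist directive in the config."""
    patterns = []
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "doswhitelist":
            patterns.extend(parts[1:])
    return patterns

def covered(addr, pattern):
    """True if a DOSWhitelist argument (literal or IPv4 wildcard) covers addr."""
    if "*" in pattern:
        return addr.version == 4 and fnmatch.fnmatchcase(str(addr), pattern)
    try:
        return ipaddress.ip_address(pattern) == addr
    except ValueError:
        return False

def missing_entries(whitelist_text, conf_text):
    """Whitelisted addresses that no DOSWhitelist directive covers, sorted."""
    patterns = dos_whitelist_patterns(conf_text)
    missing = [a for a in whitelist_addresses(whitelist_text)
               if not any(covered(a, p) for p in patterns)]
    return sorted(missing, key=lambda a: (a.version, int(a)))

if __name__ == "__main__":
    for addr in missing_entries(SAMPLE_WHITELIST, SAMPLE_EVASIVE_CONF):
        print("not in DOSWhitelist:", addr)
```

Run against the real files after each regeneration, a non-empty result flags a whitelist entry that was dropped, which is the silent removal the post describes.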

