[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Annoying malicious keys - any easy solution?
From: |
Andreas Puls |
Subject: |
Re: [Sks-devel] Annoying malicious keys - any easy solution? |
Date: |
Sun, 17 Feb 2019 12:00:24 +0100 |
User-agent: |
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1 |
Am 17.02.2019 um 11:54 schrieb Gabor Kiss:
>> So, what can I do?
>> I know ths patch (which seems to be included in debian sks package) to
>> ignore one special malicious key, but that seems to not help about those
>> noted above. Is there a patch to add more keys to be ignored?
>> As some IPs requests the same KeyID over and over again (>100 reqs/day),
>> I do block those IPs with fail2ban.
>
> Fail2Ban is useful but I intentionally do not log where the requests
> come. Logging in the proxy is turned off.
>
I'm using nginx as reverse proxy and added this to the config:
if ( $args ~
"op=get&options=mr&search=(0x1013D73FECAC918A0A25823986CE877469D2EAD9|0x2016349F5BC6F49340FCCAF99F9169F4B33B4659|0xB33B4659|0x69D2EAD9)"
) {
return 444;
}
444: Connection Closed Without Response
Additonal i use fail2ban which triggers on the errorcode 444
> Gabor
Br
Andreas
>
> _______________________________________________
> Sks-devel mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/sks-devel
>