
Install DenyHosts within a FreeNAS Jail

Status
Not open for further replies.

Tsaukpaetra

Member
Joined
Jan 7, 2014
Messages
215
Very odd.. Spoofed requests most likely.. Either way deny hosts should help..
It doesn't happen too often and they're obviously not successful in any case. My only annoyance is when for some reason I get host lookup errors, despite not having enabled them in the first place:
Code:
warning: /etc/hosts.allow, line 31: can't verify hostname: getaddrinfo(79.109.153.61.dial.wz.zj.dynamic.163data.com.cn, AF_INET) failed

Line 31 happens to be the one that includes the hosts.deny file produced by denyhosts.
 

Yatti420

Neophyte Sage
Joined
Aug 12, 2012
Messages
1,437
It doesn't happen too often and they're obviously not successful in any case. My only annoyance is when for some reason I get host lookup errors, despite not having enabled them in the first place:
Code:
warning: /etc/hosts.allow, line 31: can't verify hostname: getaddrinfo(79.109.153.61.dial.wz.zj.dynamic.163data.com.cn, AF_INET) failed

Line 31 happens to be the one that includes the hosts.deny file produced by denyhosts.

From what I've read these errors relate to this section of hosts.allow

# Protect against simple DNS spoofing attacks by checking that the
# forward and reverse records for the remote host match. If a mismatch
# occurs, access is denied, and any positive ident response within
# 20 seconds is logged. No protection is afforded against DNS poisoning,
# IP spoofing or more complicated attacks. Hosts with no reverse DNS
# pass this rule.

ALL : PARANOID : RFC931 20 : deny
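
A simplified model of the forward/reverse check that the quoted PARANOID comment describes, added here as an example; it is not part of the original posts and not tcp_wrappers' own code. The lookup tables, host names and addresses are constructed, and treating a failed forward lookup as PARANOID is an assumption about how the wrapper handles the warning shown above.

```python
import socket

def reverse_dns(ip):
    """Return the PTR name for ip, or None when the address has no reverse DNS."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def forward_dns(name):
    """Return the IPv4 addresses for name; raises OSError when the lookup fails."""
    return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}

def classify(ip, reverse=reverse_dns, forward=forward_dns):
    """Return (host name the rules would see, warning text or None) for a client."""
    name = reverse(ip)
    if name is None:
        # "Hosts with no reverse DNS pass this rule."
        return "unknown", None
    try:
        addrs = forward(name)
    except OSError:
        # The case from the thread: the PTR name exists but does not resolve back.
        # Assumption: the name is then treated as unverified (PARANOID).
        return "PARANOID", f"can't verify hostname: getaddrinfo({name}, AF_INET) failed"
    if ip not in addrs:
        # Forward and reverse records disagree (warning wording is illustrative).
        return "PARANOID", f"forward lookup of {name} does not include {ip}"
    return name, None

# Constructed sample data (documentation address ranges, .example names).
PTR = {"192.0.2.10": "host-a.example",
       "192.0.2.20": "dyn-20.isp.example",    # PTR only, no A record
       "192.0.2.30": "trusted.example"}       # PTR claims a name owned by another IP
A = {"host-a.example": {"192.0.2.10"}, "trusted.example": {"198.51.100.5"}}

def fake_reverse(ip):
    return PTR.get(ip)

def fake_forward(name):
    if name not in A:
        raise socket.gaierror("constructed lookup failure")
    return A[name]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, classify(ip, fake_reverse, fake_forward))
```

The lookups happen inside the wrapper's own rule evaluation, which is why the model takes no input from sshd's configuration.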
 

Yatti420

Neophyte Sage
Joined
Aug 12, 2012
Messages
1,437
That is a quote from what is in a default hosts.allow .. It's below the all-allow rule however.. Which has always confused me.. checked sshd_config and the UseDNS is set to no so while these warnings confuse me I don't really worry about it.. You could try placing RFC931 rule above all allow but may cause more issues assuming it works at all.. RFC931 is apparently for tcp stuff.. hmmm I'm gonna say just ignore it from now.. Perhaps a FreeBSD security enthusiast can comment.. I verified denyhosts and I disabled hostname lookups there as well..

As long as they are being blocked as expected it shouldn't be an issue..

Note: I added ALL : *.cn : deny above my hosts.evil block to see if I could thwart random ssh hits from China.. Not sure if it will help though.. I may try to install fail2ban alongside denyhosts eventually..
 