Remove reverse mapping attack signature
Issue #15
resolved
I want to disable checking for this signature:
reverse mapping checking getaddrinfo for failed - POSSIBLE BREAK-IN ATTEMPT!
because I use my laptop in many locations where reverse DNS is configured badly.
As I understood it, the only thing I can do for now is to patch the sources and compile it myself. It's not convenient.
Comments (6)
-
reporter @Partmedia I think so.
-
- changed title to Remove reverse mapping attack signature
-
assigned issue to
- marked as task
-
- changed status to resolved
Fixed in 7f7dccf, thanks!
-
I would've liked to have this as an optional choice, or even to be able to disable this for some subnets, as I've been bitten by this several times (in older version(s) in Debian/Ubuntu) that forced me to whitelist entire ADSL ranges, where I just wanted to disable this for a certain range.
-
This signature has been removed in newer versions of SSHGuard. Unfortunately, you'll have to upgrade to take advantage of this change.
Right now, disabling an attack signature means patching and recompiling SSHGuard. The root issue seems to be that a reverse mapping check isn't really indicative of an attack; it's actually very common for this to fail, especially if the client is behind a corporate/school/home network without an FQDN for every IP. Should this signature be removed entirely?
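The false positive discussed in this issue, as an added example (not SSHGuard's code and not part of the thread): a per-address hit counter run over a constructed sshd log, once with the reverse mapping signature enabled and once without it. The regexes, the threshold of 3, the function names and the sample addresses are assumptions made for illustration.

```python
import re
from collections import Counter

# The signature this issue is about, as sshd logs it.
REVERSE_MAP = re.compile(
    r"reverse mapping checking getaddrinfo for \S+ \[(?P<ip>[0-9a-fA-F.:]+)\] failed"
    r" - POSSIBLE BREAK-IN ATTEMPT!")
# A genuine authentication failure.
FAILED_AUTH = re.compile(
    r"Failed \S+ for (?:invalid user )?\S+ from (?P<ip>[0-9a-fA-F.:]+) port \d+")

THRESHOLD = 3  # assumption for this example, not SSHGuard's actual scoring

# Constructed log: 192.0.2.10 is a laptop on a network with broken reverse DNS
# that logs in successfully three times; 203.0.113.5 is guessing passwords.
SAMPLE_LOG = """\
sshd[811]: reverse mapping checking getaddrinfo for dsl-17.isp.example [192.0.2.10] failed - POSSIBLE BREAK-IN ATTEMPT!
sshd[811]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
sshd[902]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2
sshd[903]: Failed password for root from 203.0.113.5 port 4243 ssh2
sshd[915]: reverse mapping checking getaddrinfo for dsl-17.isp.example [192.0.2.10] failed - POSSIBLE BREAK-IN ATTEMPT!
sshd[915]: Accepted publickey for alice from 192.0.2.10 port 50031 ssh2
sshd[921]: Failed password for root from 203.0.113.5 port 4244 ssh2
sshd[940]: reverse mapping checking getaddrinfo for dsl-17.isp.example [192.0.2.10] failed - POSSIBLE BREAK-IN ATTEMPT!
sshd[940]: Accepted publickey for alice from 192.0.2.10 port 50040 ssh2
"""

def count_hits(log, signatures):
    """Count, per source address, the lines matching any enabled signature."""
    hits = Counter()
    for line in log.splitlines():
        for sig in signatures:
            match = sig.search(line)
            if match:
                hits[match.group("ip")] += 1
                break  # one hit per log line
    return hits

def blocked(log, signatures, threshold=THRESHOLD):
    """Addresses whose hit count reaches the blocking threshold."""
    hits = count_hits(log, signatures)
    return sorted(ip for ip, n in hits.items() if n >= threshold)

if __name__ == "__main__":
    print("with reverse mapping signature:", blocked(SAMPLE_LOG, [REVERSE_MAP, FAILED_AUTH]))
    print("without it:                    ", blocked(SAMPLE_LOG, [FAILED_AUTH]))
```

With the signature enabled, the laptop that authenticated successfully every time is blocked alongside the password guesser; with it removed, only the guesser is.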