DoS for log analysers

Posted by Nico Golde in
Thursday, June 7. 2007

There are many servers using tools like fail2ban, denyhosts or blockhosts to defend their machine from different brute force attacks especially on ssh.

It is old news that this can lead to dangerous results because of stuff like IP spoofing.

The following paper on http://www.ossec.net/en/attacking-loganalysis.html which came across full-disclosure today shows how to do DoS attacks on a server running these tools using a technique very similar to SQL injections, called log injection.

This shows another time that it might be very self-desctructive if you use such tools.
So if you use one of the services, patch them, this attack can be run by everyone capable of open a shell and use netcat/telnet/foo.
Comments (0) - Trackbacks (0)
Defined tags for this entry: , , , , ,
Related entries by tags:
(Page 1 of 1, totaling 1 entries)

Calendar

Back June '07 Forward
Mon Tue Wed Thu Fri Sat Sun
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30  

Quicksearch

Support



=>my website

Recent Entries

E-Plus GSM privacy/TMSI allocation leak
Thursday, October 11 2012
Exploiting the Ubiquisys/SFR femtocell webserver (wsal/shttpd/mongoose/yassl embedded webserver)
Wednesday, August 3 2011
So what happened recently...
Wednesday, April 6 2011
Sunday, February 6 2011
exim remote vulnerability
Thursday, December 9 2010
Will my Phone Show An Unencrypted Connection?
Wednesday, September 8 2010
smpCTF 2010 quals writeups
Sunday, August 8 2010
protocol design fail: MMS notification
Wednesday, July 28 2010
acrobat reader stealing my passwords
Tuesday, June 29 2010
UnrealIRCd backdoored
Saturday, June 12 2010

Archives

Syndicate This Blog

Categories



All categories

Tag cloud