DoS for log analysers

Posted by Nico Golde in
Thursday, June 7. 2007

There are many servers using tools like fail2ban, denyhosts or blockhosts to defend their machine from different brute force attacks especially on ssh.

It is old news that this can lead to dangerous results because of stuff like IP spoofing.

The following paper on http://www.ossec.net/en/attacking-loganalysis.html which came across full-disclosure today shows how to do DoS attacks on a server running these tools using a technique very similar to SQL injections, called log injection.

This shows another time that it might be very self-desctructive if you use such tools.
So if you use one of the services, patch them, this attack can be run by everyone capable of open a shell and use netcat/telnet/foo.

Comments (0) - Trackbacks (0)

Defined tags for this entry: attacks, dos, exploit, security, software, tools

Related entries by tags:

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

No comments

Add Comment

Name
Email
Homepage
In reply to
Comment	Enclosing asterisks marks text as bold (word), underscore are made via _word_. Standard emoticons like :-) and ;-) are converted to images. You can use [geshi lang=lang_name [,ln={y\|n}]][/geshi] tags to embed source code snippets. E-Mail addresses will not be displayed and will only be used for E-Mail notifications. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above: You can use [geshi lang=lang_name [,ln={y\|n}]][/geshi] tags to embed source code snippets.
	Remember Information?

DoS for log analysers

nion's blog

DoS for log analysers

Calendar

Quicksearch

Support

Recent Entries

Archives

Syndicate This Blog

Categories

Tag cloud