When fail2ban whois an IP address, it is still awaiting a reply.
If there is no answer (timeout or bad ip), fail2ban is blocked and the system load rises indefinitely. In addition, fail2ban ceases to act on new attacks.
After some time, the server may crash (too many attack or load too high).
Hackers could use this issue to attack servers using an IP address that is not in the Whois database for example.
fail2ban should have a timeout (one minute) in case of no response from the whois.
Log in to post a comment.