Thread: [Sshguard-users] proftpd maps ipv4 addresses to ipv6 in its log and sshguard treats them as ipv6

Intelligently block brute-force attacks by aggregating system logs

Brought to you by: mijio, partmedia

sshguard-users

[Sshguard-users] proftpd maps ipv4 addresses to ipv6 in its log and sshguard treats them as ipv6

From: Arne R. <arn...@go...> - 2010-02-24 13:09:34

Hello,

when proftpd runs with ipv6 support, it maps ipv4 addresses to ipv6
(::ffff:1.2.3.4) in the log. Then sshguard treats it as ipv6 address
and executes e.g.

ip6tables -A sshguard -s ::ffff:1.2.3.4/128 -j DROP

so the ipv4 address will not be blocked with iptables.

I posted the problem here:

http://forums.proftpd.org/smf/index.php/topic,3817.msg13663.html#msg13663

Re: [Sshguard-users] proftpd maps ipv4 addresses to ipv6 in its log and sshguard treats them as ipv6

From: Mij <mi...@ss...> - 2010-02-25 11:45:29

Interesting point. I guess the dual-stack carries inevitably an ambiguity
on how to treat mapped addresses. Although they are IPv6, it makes
sense to treat them as plain IPv4 as they traverse the IPv4 stack rather
than the 6 one.

I'll think about it over the next days.

On Feb 24, 2010, at 14:03 , Arne Riecken wrote:

> Hello,
> 
> when proftpd runs with ipv6 support, it maps ipv4 addresses to ipv6
> (::ffff:1.2.3.4) in the log. Then sshguard treats it as ipv6 address
> and executes e.g.
> 
> ip6tables -A sshguard -s ::ffff:1.2.3.4/128 -j DROP
> 
> so the ipv4 address will not be blocked with iptables.
> 
> I posted the problem here:
> 
> http://forums.proftpd.org/smf/index.php/topic,3817.msg13663.html#msg13663

Re: [Sshguard-users] proftpd maps ipv4 addresses to ipv6 in its log and sshguard treats them as ipv6

From: Mij <mi...@ss...> - 2010-02-27 14:29:52

committed in r177, see
http://www.sshguard.net/download/repository/


On Feb 24, 2010, at 14:03 , Arne Riecken wrote:

> Hello,
> 
> when proftpd runs with ipv6 support, it maps ipv4 addresses to ipv6
> (::ffff:1.2.3.4) in the log. Then sshguard treats it as ipv6 address
> and executes e.g.
> 
> ip6tables -A sshguard -s ::ffff:1.2.3.4/128 -j DROP
> 
> so the ipv4 address will not be blocked with iptables.
> 
> I posted the problem here:
> 
> http://forums.proftpd.org/smf/index.php/topic,3817.msg13663.html#msg13663
> 
> ------------------------------------------------------------------------------
> Download Intel&#174; Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> Sshguard-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/sshguard-users