Re: [mosquitto-dev] Query : Mechanism to drop or block too many unauthorized requests

[quoting cleaned up with no intended actual change]

Roger Light via mosquitto-dev <mosquitto-dev@xxxxxxxxxxx> writes:

> On Thu, 22 Jun 2023 at 14:20, Pratik Raj <rajpratik71@xxxxxxxxx> wrote:
>
>> Is it possible to block or limit the no. of unauthorized for a username or
>> clientId by a flag/config ?

> Not at the moment. What sort of procedure did you have in mind?

I'm not Pratik, but there are a few things out there that attempt to
scoreboard failed attempts and block IP addresses for a while.

Generally, blocking repeat attempts of a username is not such a great
idea as it becomes trivial to DOS the system.

Example packages are:

  fail2ban: this is probably the ur-type of such schemes.  It leans to
  firewall, but could perhaps inject rules to someplace else
    https://www.fail2ban.org/wiki/index.php/Main_Page

  blocklistd: this is similar, and native on NetBSD.  It has been ported
  to FreeBSD.  It seems more or less equivalent.
    https://man.netbsd.org/blocklistd.


Ideally, there'd be a daemon like one of these that could also be
queried, so one could just reject auth attempts, vs firewalling.
However, Pratik might want to hook in fail2ban firewall.

Pratik: Having read this, I wonder what you now think you would like to
do?
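
Added example (not part of the original message, and not Mosquitto, fail2ban or blocklistd code): a minimal scoreboard keyed by source address that can be queried before an auth attempt is evaluated, so repeated failures block the offending address for a while without locking out the username itself. The class name, thresholds and event tuples are assumptions made for illustration; the addresses are constructed documentation-range values.

```python
from collections import defaultdict, deque


class AuthScoreboard:
    """Counts failed auth attempts per source IP and answers 'is this IP blocked?'."""

    def __init__(self, max_failures=5, window=60.0, ban_time=300.0):
        self.max_failures = max_failures      # failures tolerated inside the window
        self.window = window                  # seconds a failure stays on the board
        self.ban_time = ban_time              # seconds an address stays blocked
        self._failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self._banned_until = {}               # ip -> time at which the block expires

    def is_blocked(self, ip, now):
        until = self._banned_until.get(ip)
        if until is None:
            return False
        if now >= until:
            del self._banned_until[ip]        # block has expired, forget it
            return False
        return True

    def record_failure(self, ip, now):
        recent = self._failures[ip]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                  # drop failures older than the window
        if len(recent) >= self.max_failures:
            self._banned_until[ip] = now + self.ban_time
            recent.clear()


def replay(events, board):
    """events: (time, ip, username, credentials_ok). Returns one decision per event."""
    decisions = []
    for now, ip, _username, ok in events:
        if board.is_blocked(ip, now):
            decisions.append("rejected-blocked")   # refused without checking credentials
        elif ok:
            decisions.append("accepted")
        else:
            board.record_failure(ip, now)
            decisions.append("rejected-badauth")
    return decisions


# Constructed sample: one address fails five times against "alice", then retries.
EVENTS = [(float(t), "203.0.113.9", "alice", False) for t in range(5)] + [
    (6.0, "203.0.113.9", "alice", False),    # same address, now blocked
    (7.0, "198.51.100.20", "alice", True),   # same username from another address
    (400.0, "203.0.113.9", "alice", False),  # block expired, counting starts again
]
```

Because the board is keyed on the source address, the seventh event succeeds: failures from one address do not lock the username out for its legitimate owner.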



