SCIENTIFIC-LINUX-DEVEL Archives

February 2020

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV

From: Andrew C Aitchison <[log in to unmask]>
Date: Mon, 24 Feb 2020 14:54:06 +0000

On Mon, 24 Feb 2020, tech wrote:

> As this is a "system component" feature,  I hope this is the right list
>
> Scientific Linux 7.7, with latest update.
>
> If there are more than 255 IP addresses associated with a service in 
> /etc/hosts.deny,  then when any service which calls tcp_wrappers is invoked, 
> the process hangs, eventually taking 100%CPU.
> Any new request to tcp wrappers invokes another process which likewise 
> eventually reaches 100% CPU.   Effectively initiating an unintended  DoS
>
> I run exim as my MTA
>
> I run a script which looks for certain messages
>
>> 	"no host name found for IP address"
>> 	"rejected after DATA"
>> 	"refused: too many connections"
>
> in the /var/log/exim/   mainlog, rejectlog and paniclogs
> which indicate invalid connections to the server, and then places the Class C 
> IP address of these in hosts.deny, against exim

Rather than using hosts.deny, I would suggest you look at using iptables
(or perhaps another system level firewall)
and fail2ban to generate the blocks (the Ubuntu fail2ban package includes
rules for exim).

"Class C" networks stopped being a useful concept a couple of decades ago.

[ I have half a Perl script to look up the IPv4 addresses in whois
and get an indication of the appropriate size of netblock to block.
Reading whois data is an art so this is likely to make mistakes...

whois -h whois.nic.or.kr 1.215.1.1 |& egrep -i "Abuse|CIDR|inetnum|related|AS|/|Name"
IPv4주소           : 1.208.0.0 - 1.223.255.255 (/12)
IPv4주소           : 1.215.1.0 - 1.215.1.7 (/29)
IPv4 Address       : 1.208.0.0 - 1.223.255.255 (/12)
Organization Name  : LG DACOM Corporation
Service Name       : BORANET
Name               : IP Manager
More specific assignment information is as follows.
IPv4 Address       : 1.215.1.0 - 1.215.1.7 (/29)
Organization Name  : LG Uplus
Name               : IP Manager
- KISA/KRNIC WHOIS Service -
]

> extract below from hosts.deny
>
>> exim: 1.215.,103.141.,103.16.,103.20.,103.230.,103.233.\
>> ,103.69.,103.74.,103.76.,109.100.,109.224.\
>> ,109.61.,109.72.,112.78.,114.199.,115.75.\
>> ,117.103.,121.65.,122.228.,123.143.,125.138.\
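The thread describes two things: a script that scans the exim logs for the three indicator strings and turns each offending address into a network prefix, and a hosts.deny entry made of trailing-dot prefixes. The block below is an added example (not the poster's script and not part of the original message) that does the same job but emits ipset/iptables commands instead of hosts.deny lines, which is the migration Andrew suggests. The exim log lines and the short hosts.deny entry are constructed samples; the set name `exim-block` and port 25 are assumptions. One detail worth knowing when converting: hosts_access(5) matches a trailing-dot prefix octet by octet, so an entry like `1.215.` covers 1.215.0.0/16, a much larger block than the /24 the poster calls a "Class C".

```python
import ipaddress
import re

# Constructed sample exim log lines (not taken from the original post); the
# three indicator strings are the ones the poster's script looks for.
SAMPLE_LOG = """\
2020-02-24 10:01:02 no host name found for IP address 1.215.1.5
2020-02-24 10:02:15 H=(mail.test) [103.141.9.20] F=<a@example.org> rejected after DATA: message looks like spam
2020-02-24 10:03:40 Connection from [109.100.7.8] refused: too many connections
2020-02-24 10:04:01 1j6AbC-0001Xy-Qz <= b@example.org H=host.example.net [203.0.113.5] P=esmtps
"""

# Constructed hosts.deny entry in the same style as the poster's extract
# (backslash continuation, comma-separated trailing-dot prefixes).
SAMPLE_HOSTS_DENY = "exim: 1.215.,103.141.\\\n,109.72.\n"

INDICATORS = (
    "no host name found for IP address",
    "rejected after DATA",
    "refused: too many connections",
)

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def suspect_ips(log_text):
    """Return the first IPv4 address on every log line carrying an indicator string."""
    found = []
    for line in log_text.splitlines():
        if any(ind in line for ind in INDICATORS):
            m = IPV4_RE.search(line)
            if m:
                found.append(m.group(1))
    return found


def hosts_deny_prefix_to_network(prefix):
    """Convert a tcp_wrappers trailing-dot prefix such as "1.215." to a network.

    hosts_access(5) matches these prefixes one octet at a time, so "1.215."
    is 1.215.0.0/16 and "103.141.9." is 103.141.9.0/24.
    """
    octets = prefix.rstrip(".").split(".")
    if not 1 <= len(octets) <= 3:
        raise ValueError(f"not a trailing-dot prefix: {prefix!r}")
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(octets)}")


def parse_hosts_deny_entry(entry):
    """Parse 'exim: 1.215.,103.141.,...' (continuation lines joined) into networks."""
    _, _, hosts = entry.partition(":")
    hosts = hosts.replace("\\", "").replace("\n", "")
    return [hosts_deny_prefix_to_network(p.strip()) for p in hosts.split(",") if p.strip()]


def prefix_for(ip, prefix_len=24):
    """Widen a single address to its /24 (what the poster calls the Class C)."""
    return ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)


def build_blocklist(log_text, existing=()):
    """/24 for every suspect address, merged with existing networks.

    collapse_addresses() drops a /24 already covered by a wider prefix and
    returns the networks sorted, so the list never grows with duplicates.
    """
    nets = list(existing) + [prefix_for(ip) for ip in suspect_ips(log_text)]
    return list(ipaddress.collapse_addresses(nets))


def is_blocked(ip, nets):
    """True if ip falls inside any network of the blocklist."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


def ipset_commands(nets, setname="exim-block", port=25):
    """Shell commands that load the list into a hash:net ipset and drop matching SMTP clients."""
    cmds = [f"ipset create {setname} hash:net"]
    cmds += [f"ipset add {setname} {n}" for n in nets]
    cmds.append(
        f"iptables -I INPUT -p tcp --dport {port} -m set --match-set {setname} src -j DROP"
    )
    return cmds


if __name__ == "__main__":
    existing = parse_hosts_deny_entry(SAMPLE_HOSTS_DENY)
    for cmd in ipset_commands(build_blocklist(SAMPLE_LOG, existing)):
        print(cmd)
```

Run it to print the ipset/iptables commands for the sample data; in practice you would feed it the real mainlog, rejectlog and paniclog and the real hosts.deny entry. A hash:net set is looked up by the kernel in constant time regardless of how many prefixes it holds, whereas tcp_wrappers re-reads and scans hosts.deny on every connection, which is the path the poster saw misbehave with a long list. The /24 widening is kept only because that is what the original script did; as the reply notes, whois data gives a better idea of the real allocation size.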

