-1

Many anti-spam or web applications with a security component give the ability to ban IP addresses. In my experience any bot, person or other entity that is truly nefarious is using an endless supply of spoofed IP addresses anyways. What is the advantage of continuing to use IP banning to combat malicious users?

squarecandy
  • You're right - things like `fail2ban` can be a good way to DoS yourself without really increasing your level of security. The only reason I use things like that on some specific WAN facing servers is to help clean up logs (as well as a good log rotation policy) – gparent Oct 28 '14 at 18:44

1 Answer

4

Blocking anomalous access patterns against services that use the TCP protocol based on source IP address certainly isn't effective for all possible attackers. It does help quell attacks from sources that don't have the capability to "hide" behind legions of compromised machines.

I see source address blocking as part of a layered security strategy. It "costs" very little to implement and can stop a category of attacker. It's not an end-all strategy, to be sure.

(It's important to qualify that we're talking about TCP-based protocols here. Since forging the source address is trivially easy for UDP-based protocols, blocking access based on source address for those protocols is a denial of service risk.)

Evan Anderson
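The ban decision discussed above, as an added example that is not part of the original question or answer: it counts failed attempts per source address, acts only on TCP events (where the handshake ties the address to the sender), ignores UDP events, and never bans an allowlisted range. The event format, thresholds, function name and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Constructed sample events: (epoch seconds, protocol, source IP, outcome)
SAMPLE_EVENTS = [
    (0, "tcp", "198.51.100.7", "fail"),
    (10, "tcp", "198.51.100.7", "fail"),
    (20, "tcp", "198.51.100.7", "fail"),    # 3 failures in 60 s: ban
    (1, "udp", "203.0.113.9", "fail"),
    (2, "udp", "203.0.113.9", "fail"),
    (3, "udp", "203.0.113.9", "fail"),      # UDP: source may be forged, no ban
    (5, "tcp", "192.0.2.5", "fail"),
    (6, "tcp", "192.0.2.5", "fail"),
    (7, "tcp", "192.0.2.5", "fail"),        # allowlisted admin range, no ban
    (0, "tcp", "198.51.100.20", "fail"),
    (100, "tcp", "198.51.100.20", "fail"),
    (200, "tcp", "198.51.100.20", "fail"),  # too spread out, no ban
]

ALLOWLIST = [ip_network("192.0.2.0/28")]  # assumed admin range
MAX_FAILURES = 3    # failures tolerated inside WINDOW before a ban
WINDOW = 60         # seconds
BAN_SECONDS = 600   # bans expire, limiting the cost of a false positive


def decide_bans(events, allowlist=ALLOWLIST):
    """Return {source_ip: ban_expiry_epoch} for TCP sources over the threshold."""
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    bans = {}
    for ts, proto, src, outcome in sorted(events):
        if proto != "tcp" or outcome != "fail":
            continue              # never ban on an unvalidated UDP source
        addr = ip_address(src)
        if any(addr in net for net in allowlist):
            continue              # avoid locking out your own administrators
        if bans.get(src, 0) > ts:
            continue              # already banned at this point in time
        window = recent[src]
        window.append(ts)
        while window and ts - window[0] > WINDOW:
            window.popleft()      # drop failures older than the window
        if len(window) >= MAX_FAILURES:
            bans[src] = ts + BAN_SECONDS
            window.clear()
    return bans


if __name__ == "__main__":
    print(decide_bans(SAMPLE_EVENTS))
```
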