View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0005042 | unreal | ircd | public | 2017-12-28 18:41 | 2018-09-05 10:02 |
Reporter | HeXiLeD | Assigned To | syzop | ||
Priority | normal | Severity | feature | Reproducibility | always |
Status | closed | Resolution | no change required | ||
Platform | Linux | OS | Any: | OS Version | Latest stable |
Product Version | 4.0.17 | ||||
Summary | 0005042: Allow max per certFP like the allow block maxperip (enhancement) | ||||
Description | I would like to suggest a feature in the line of enhanced security. This feature complements and works with: https://unrealircd.com/docs/Allow_block fail-if-no-clientcert and max-unknown-connections-per-ip. Currently we can set how many clients we allow connecting from the same IP and can specify exceptions for specific IPs. However, for clients connecting from Tor hidden services, local shells or LANs that have only one exit to the WAN, these exceptions do not give much control to legit and non-legit users. If one wants to prevent abuses from users using the same exit IP or Tor services/localhost, currently there is not much that can be done. Some methods can be implemented to improve control of these connections, such as fail-if-no-clientcert for a network that only accepts clients using certFP and register them with services and allow only X number of certFPs to be reused by the same user. An example would be setting a number of allowed certFPs per user to the desired number of connections from that user for better fine-grained control. | ||||
Steps To Reproduce | Connect from localhost or the same LAN exit to the WAN until reaching all the allowed connections in the allow block, without better control over who is who (clones). | ||||
Additional Information | The proposed solution and enhancement would allow better control of real clone client connections from the same IP and deter bots and real users from loading the same certFP endlessly. | ||||
Tags | access control, certfp, clones, conf, maxperip | ||||
3rd party modules | |||||
Date Modified | Username | Field | Change |
---|---|---|---|
2017-12-28 18:41 | HeXiLeD | New Issue | |
2017-12-28 18:41 | HeXiLeD | Tag Attached: access control | |
2017-12-28 18:41 | HeXiLeD | Tag Attached: certfp | |
2017-12-28 18:41 | HeXiLeD | Tag Attached: conf | |
2017-12-28 18:41 | HeXiLeD | Tag Attached: clones | |
2017-12-28 18:41 | HeXiLeD | Tag Attached: maxperip | |
2018-09-05 10:02 | syzop | Assigned To | => syzop |
2018-09-05 10:02 | syzop | Status | new => closed |
2018-09-05 10:02 | syzop | Resolution | open => no change required |
2018-09-05 10:02 | syzop | Note Added: 0020261 |