Server not logging: error 550
Moderator: Project members
Re: Server not logging: error 550
Please, are there any plans to address this?
Re: Server not logging: error 550
No immediate plans. At the point of time where the filtering is performed, the data structures needed for logging session-specific data haven't even been created yet.
Re: Server not logging: error 550
If the attacker can spoof connections and is somewhat savvy, the attacker can easily observe the traffic of the server and use the correct IP address on the very first connection attempt. He would not even trigger the 550 to begin with.Macktek wrote:When a person attempts to connect from an IP that is blocked, they see error 550.
So, if they are somewhat savvy they can iterate thru blocks of IP until they get one that is "ok".
By preventing the log from seeing this, we cannot detect that kind of attack.
Re: Server not logging: error 550
Yes, that is true. But the odds are that a hacker would not want to be physically near the building (if possible).
So, statistically speaking I am going to go with the odds, and say that many attacks will be from someone physically distant because its much lower risk.
So, in some sense, its still a better deterrent than nothing.
It more like an alarm... the alarm does not stop the thief very often, but at least it gives you an idea of what might have happened.
its similar to password attempts.
In fact, that is a good example: Why does FZ have anti-password cracking in place? (Obvious answer, because it is needed).
Typical Rebuttal: Its not needed because a good hacker won't even need to do that.
Counter: Tell that to all the bad hackers who do... and if that is so true, then remove the code from FZ.
My point is, of course we need that to prevent easy cracking of passwords. Logically, a good hacker can still crack the password (or obtain it)... but that does not equate to removing the anti-password cracking code. (Agreed?)
Same with attempts from blocked IPs. They are an obvious preventative. It does not matter than some Uber hacker can still achieve the goal of hacking in. So, we still need a way to monitor attempts to connect from blocked IP's.
So, statistically speaking I am going to go with the odds, and say that many attacks will be from someone physically distant because its much lower risk.
So, in some sense, its still a better deterrent than nothing.
It more like an alarm... the alarm does not stop the thief very often, but at least it gives you an idea of what might have happened.
its similar to password attempts.
In fact, that is a good example: Why does FZ have anti-password cracking in place? (Obvious answer, because it is needed).
Typical Rebuttal: Its not needed because a good hacker won't even need to do that.
Counter: Tell that to all the bad hackers who do... and if that is so true, then remove the code from FZ.
My point is, of course we need that to prevent easy cracking of passwords. Logically, a good hacker can still crack the password (or obtain it)... but that does not equate to removing the anti-password cracking code. (Agreed?)
Same with attempts from blocked IPs. They are an obvious preventative. It does not matter than some Uber hacker can still achieve the goal of hacking in. So, we still need a way to monitor attempts to connect from blocked IP's.