I'm using Mosquitto broker and I'm looking into a way to prevent brute force attacks against the broker. Does anyone know if there are built-in or external plug-in configurations for Mosquitto that can help in doing this?
1 Answer
There is nothing built in to the core mosquitto broker to do this.
JPMens authentication plugin currently does not support this but it might be possible to implement something using some of the available backends.
E.g. if you used the http_auth backend you could use existing http anti brute force tools (with the caveat that all requests will always look like they are coming from the broker's IP address).
I'd need to look closer at the information passed to the plugin callbacks, but it doesn't look like IP information is made available, so it will be hard to lock out attackers' IP addresses.
It might be useful to use something like fail2ban to read the mosquitto log files and block people at the firewall iptables level (if you are on Linux). Not sure if anybody has written a mosquitto.log parser yet.

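As an added illustration of the log-parsing approach the answer suggests (this is not code from the original post or from the Mosquitto project): a small detector that attributes "not authorised" disconnects to a client IP and lists repeat offenders for a firewall block. It assumes Mosquitto 2.x-style log lines, where the client address appears only on the preceding "New connection" line; the sample log is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed Mosquitto 2.x format: the address is printed on
# the "New connection" line, the auth result on the following "Client ..." line.
SAMPLE_LOG = """\
1700000000: New connection from 203.0.113.7:51234 on port 1883.
1700000000: Client <unknown> disconnected, not authorised.
1700000001: New connection from 203.0.113.7:51240 on port 1883.
1700000001: Client <unknown> disconnected, not authorised.
1700000002: New connection from 198.51.100.2:40000 on port 1883.
1700000002: New client connected from 198.51.100.2:40000 as sensor-1 (p2, c1, k60, u'pi').
1700000003: New connection from 203.0.113.7:51250 on port 1883.
1700000003: Client <unknown> disconnected, not authorised.
"""

NEW_CONN = re.compile(r"^\d+: New connection from (?P<ip>[\d.]+):\d+ on port \d+\.$")
NOT_AUTH = re.compile(r"^\d+: Client \S+ disconnected, not authorised\.$")
CONNECTED = re.compile(r"^\d+: New client connected from (?P<ip>[\d.]+):\d+ as ")


def count_auth_failures(log_text):
    """Map IP -> number of auth failures.

    Each "not authorised" line is charged to the IP of the most recent
    "New connection" line.  Caveat: under concurrent connection attempts this
    pairing heuristic can misattribute a failure, so treat counts as indicative.
    """
    failures = defaultdict(int)
    pending_ip = None
    for line in log_text.splitlines():
        m = NEW_CONN.match(line)
        if m:
            pending_ip = m.group("ip")
        elif NOT_AUTH.match(line) and pending_ip:
            failures[pending_ip] += 1
            pending_ip = None
        elif CONNECTED.match(line):
            pending_ip = None  # successful auth, nothing to count
    return dict(failures)


def offenders(log_text, threshold=3):
    """IPs at or above the failure threshold, sorted for stable output."""
    return sorted(ip for ip, n in count_auth_failures(log_text).items() if n >= threshold)


def iptables_drop_rule(ip, port=1883):
    """Firewall rule a fail2ban action would apply for one offending address."""
    return f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP"


if __name__ == "__main__":
    for ip in offenders(SAMPLE_LOG):
        print(iptables_drop_rule(ip))
```

A fail2ban filter would need the same two-line correlation, since the failure line alone carries no address.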