Date: Tue, 30 Sep 2008 17:15:48 +0100
From: "Igor Mozolevsky" <igor@hybrid-lab.co.uk>
To: "Oliver Fromme" <olli@lurza.secnetix.de>
Cc: freebsd-hackers@freebsd.org, Bill Moran <wmoran@collaborativefusion.com>, pierre.riteau@gmail.com
Subject: Re: SSH Brute Force attempts
Message-ID: <a2b6592c0809300915m9df7ba7q8d5c834eef496dc2@mail.gmail.com>
In-Reply-To: <200809301605.m8UG5xpr046010@lurza.secnetix.de>
References: <20080930115014.45a0cd88.wmoran@collaborativefusion.com> <200809301605.m8UG5xpr046010@lurza.secnetix.de>

2008/9/30 Oliver Fromme <olli@lurza.secnetix.de>:
>
> Bill Moran wrote:
> > In response to Oliver Fromme <olli@lurza.secnetix.de>:
> > > Pierre Riteau wrote:
> > >
> > > > Because the 3-way handshake ensures that the source address is not being
> > > > spoofed, more aggressive action can be taken based on these limits.
> > >
> > > s/not being spoofed/more difficult to spoof/ ;-)
> >
> > On a modern OS (like FreeBSD) where ISNs are random, the possibility of
> > blindly spoofing an IP during a 3-way handshake is so low as to be
> > effectively impossible.
>
> It depends a lot on the environment, for example whether
> the attacker has access (or can somehow get access) to
> the server's uplink and trace packets. This can happen
> if the server is located with many other servers on the
> same network, which is often the case for co-location
> or so-called root servers.

Yes, but in that situation you probably have the capacity to inject
enough traffic into the pipe to cause a total blackout...

> Of course, if the network is regarded "secure", then
> you are right. Spoofing a TCP handshake would be very
> difficult in that case. (I try to avoid the word
> "impossible". Nothing is impossible, especially in
> the security business.)

Security is always about the balance between the effort+risk to you vs
the effort+benefit to the attacker...

--
Igor