Date: Tue, 30 Sep 2008 18:05:59 +0200 (CEST)
From: Oliver Fromme <olli@lurza.secnetix.de>
To: wmoran@collaborativefusion.com (Bill Moran)
Cc: freebsd-hackers@FreeBSD.ORG, pierre.riteau@gmail.com
Subject: Re: SSH Brute Force attempts
Message-ID: <200809301605.m8UG5xpr046010@lurza.secnetix.de>
In-Reply-To: <20080930115014.45a0cd88.wmoran@collaborativefusion.com>

Bill Moran wrote:
 > In response to Oliver Fromme <olli@lurza.secnetix.de>:
 > > Pierre Riteau wrote:
 > > 
 > > > Because the 3-way handshake ensures that the source address is not being
 > > > spoofed, more aggressive action can be taken based on these limits.
 > > 
 > > s/not being spoofed/more difficult to spoof/  ;-)
 > 
 > On a modern OS (like FreeBSD) where ISNs are random, the possibility of
 > blindly spoofing an IP during a 3-way handshake is so low as to be
 > effectively impossible.

It depends a lot on the environment, for example whether
the attacker has access (or can somehow get access) to the
server's uplink and trace packets.  This can happen if the
server is located with many other servers on the same
network, which is often the case for co-location or
so-called root servers.

Of course, if the network is regarded as "secure", then you
are right.  Spoofing a TCP handshake would be very difficult
in that case.  (I try to avoid the word "impossible".
Nothing is impossible, especially in the security business.)

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registry court, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich registry
court, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more:  http://www.secnetix.de/bsd

Python is executable pseudocode.  Perl is executable line noise.