Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 4 Mar 2011 13:30:51 -0800
From:      David Brodbeck <gull@gull.us>
To:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: Simplest way to deny access to a class C
Message-ID:  <AANLkTinJUO=aXYGK3RQ1vo=g2Sr-Y2=_234tL5JVy7Y4@mail.gmail.com>
In-Reply-To: <11805_1299196962_4D702C22_11805_70_1_D9B37353831173459FDAA836D3B43499BD354A48@WADPMBXV0.waddell.com>
References:  <3382016411-764985335@intranet.com.mx> <AANLkTi=Fb_CiA76g79ZkP8o_yWsQcN6iuPD7w=dBxztQ@mail.gmail.com> <11805_1299196962_4D702C22_11805_70_1_D9B37353831173459FDAA836D3B43499BD354A48@WADPMBXV0.waddell.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Thu, Mar 3, 2011 at 4:02 PM, Gary Gatten <Ggatten@waddell.com> wrote:
> Be careful of automated responses. =A0What if someone spoofs IP's of legi=
t users / customers / whatever and your automated response blocks them? =A0=
Not good.

Fortunately this is a relatively low risk with fail2ban, because to
spoof a failed SSH connection you need to spoof a whole three-way TCP
handshake.    This could happen, but only if the attacker is on the
same subnet as the affected customer or can intercept all their
traffic for a man-in-the-middle attack.  A bigger risk is customers
fat-fingering their password repeatedly and locking themselves out. ;)



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?AANLkTinJUO=aXYGK3RQ1vo=g2Sr-Y2=_234tL5JVy7Y4>