Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 4 Mar 2011 13:30:51 -0800
From:      David Brodbeck <>
To:        "" <>
Subject:   Re: Simplest way to deny access to a class C
Message-ID:  <>
In-Reply-To: <>
References:  <> <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Thu, Mar 3, 2011 at 4:02 PM, Gary Gatten <> wrote:
> Be careful of automated responses. =A0What if someone spoofs IP's of legi=
t users / customers / whatever and your automated response blocks them? =A0=
Not good.

Fortunately this is a relatively low risk with fail2ban, because to
spoof a failed SSH connection you need to spoof a whole three-way TCP
handshake.    This could happen, but only if the attacker is on the
same subnet as the affected customer or can intercept all their
traffic for a man-in-the-middle attack.  A bigger risk is customers
fat-fingering their password repeatedly and locking themselves out. ;)

Want to link to this message? Use this URL: <>