Date: Fri, 4 Mar 2011 13:30:51 -0800
From: David Brodbeck <gull@gull.us>
To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: Simplest way to deny access to a class C
Message-ID: <AANLkTinJUO=aXYGK3RQ1vo=g2Sr-Y2=_234tL5JVy7Y4@mail.gmail.com>
In-Reply-To: <11805_1299196962_4D702C22_11805_70_1_D9B37353831173459FDAA836D3B43499BD354A48@WADPMBXV0.waddell.com>
References: <3382016411-764985335@intranet.com.mx> <AANLkTi=Fb_CiA76g79ZkP8o_yWsQcN6iuPD7w=dBxztQ@mail.gmail.com> <11805_1299196962_4D702C22_11805_70_1_D9B37353831173459FDAA836D3B43499BD354A48@WADPMBXV0.waddell.com>

On Thu, Mar 3, 2011 at 4:02 PM, Gary Gatten <Ggatten@waddell.com> wrote:
> Be careful of automated responses.  What if someone spoofs IP's of legit users / customers / whatever and your automated response blocks them?  Not good.

Fortunately this is a relatively low risk with fail2ban, because to spoof a failed SSH connection you need to spoof a whole three-way TCP handshake. This could happen, but only if the attacker is on the same subnet as the affected customer or can intercept all their traffic for a man-in-the-middle attack.

A bigger risk is customers fat-fingering their password repeatedly and locking themselves out. ;)
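
Added example, not part of the original message and not fail2ban's own code: a simplified model of the ban decision, showing how a customer who mistypes a password is banned exactly like a scanner unless their network is allow-listed. The parameter names mirror fail2ban's maxretry, findtime and ignoreip settings; the log lines, addresses and the `find_bans` function are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample sshd log lines (documentation address ranges only).
SAMPLE_LOG = """\
Mar  4 13:00:01 host sshd[101]: Failed password for alice from 198.51.100.7 port 50001 ssh2
Mar  4 13:00:09 host sshd[101]: Failed password for alice from 198.51.100.7 port 50001 ssh2
Mar  4 13:00:20 host sshd[102]: Failed password for invalid user admin from 203.0.113.50 port 40000 ssh2
Mar  4 13:00:21 host sshd[101]: Failed password for alice from 198.51.100.7 port 50001 ssh2
Mar  4 13:00:25 host sshd[103]: Failed password for root from 203.0.113.50 port 40001 ssh2
Mar  4 13:00:30 host sshd[104]: Failed password for invalid user test from 203.0.113.50 port 40002 ssh2
Mar  4 13:01:00 host sshd[105]: Failed password for bob from 192.0.2.10 port 51000 ssh2
Mar  4 13:20:00 host sshd[106]: Failed password for bob from 192.0.2.10 port 51001 ssh2
Mar  4 13:40:00 host sshd[107]: Failed password for bob from 192.0.2.10 port 51002 ssh2
"""

# sshd only logs this line after a full TCP handshake, so the source
# address is the peer of an established connection, not a forged packet.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def find_bans(log, maxretry=3, findtime=600, ignore=(), year=2011):
    """Return IPs reaching maxretry failures within findtime seconds, in ban order.

    Syslog timestamps carry no year, so `year` is an assumption supplied by the caller.
    """
    allow = [ip_network(n) for n in ignore]
    recent = defaultdict(deque)      # ip -> timestamps of recent failures
    banned = []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        stamp = " ".join(m.group(1).split())   # collapse "Mar  4" padding
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        ip = ip_address(m.group(2))
        if any(ip in net for net in allow) or str(ip) in banned:
            continue                 # allow-listed or already banned
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:
            q.popleft()              # drop failures outside the window
        if len(q) >= maxretry:
            banned.append(str(ip))
    return banned
```

With the defaults, the customer at 198.51.100.7 is banned before the scanner at 203.0.113.50; passing `ignore=("198.51.100.0/24",)` leaves only the scanner banned, and the slow failures from 192.0.2.10 never fall inside one window.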