From: David Brodbeck
To: "freebsd-questions@freebsd.org"
Date: Fri, 4 Mar 2011 13:30:51 -0800
Subject: Re: Simplest way to deny access to a class C

On Thu, Mar 3, 2011 at 4:02 PM, Gary Gatten wrote:
> Be careful of automated responses. What if someone spoofs IP's of legit users / customers / whatever and your automated response blocks them? Not good.

Fortunately this is a relatively low risk with fail2ban, because to spoof a failed SSH connection you need to spoof a whole three-way TCP handshake.
This could happen, but only if the attacker is on the same subnet as the affected customer or can intercept all their traffic for a man-in-the-middle attack. A bigger risk is customers fat-fingering their password repeatedly and locking themselves out. ;)