Simplest way to deny access to a class C
David Brodbeck
gull at gull.us
Fri Mar 4 21:30:53 UTC 2011
On Thu, Mar 3, 2011 at 4:02 PM, Gary Gatten <Ggatten at waddell.com> wrote:
> Be careful of automated responses. What if someone spoofs IP's of legit users / customers / whatever and your automated response blocks them? Not good.
Fortunately this is a relatively low risk with fail2ban, because to
spoof a failed SSH connection you need to spoof a whole three-way TCP
handshake. This could happen, but only if the attacker is on the
same subnet as the affected customer or can intercept all their
traffic for a man-in-the-middle attack. A bigger risk is customers
fat-fingering their password repeatedly and locking themselves out. ;)
More information about the freebsd-questions
mailing list