Need urgent help regarding security

Roger Marquis marquis at roble.com
Wed Nov 23 23:17:01 GMT 2005


Lowell Gilbert wrote:
>> Not sure I agree with the easily part..  TCP transport plus SSH
>> protocol spoofing is not a vector that normally needs to be secured
>> beyond what is already done in the kernel and router.  That's not to
>> say such spoofing cannot be done, just that it is rare and would
>> require a compromised router or localnet host at a minimum.
>
> Except that it doesn't require spoofed addresses.  One attacker from the
> local university's computer center (or from a large shell service ISP)
> could lock out all of the other users on that machine.  Trivially.

And that's exactly what you want.  The alternative is to let the
dictionary attack continue unabated.

At least once the blackhole is up, and notices sent, the target
host's admins can contact the attacking host's admins to shut down
the account or process running the scan.

If nobody is monitoring the IDS alerts that's a different problem.

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
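As an added illustration of the blackhole-then-notify approach argued for above (example code written for this page, not from the thread or from FreeBSD), the sketch below parses constructed sshd log lines, flags only sources that fail against many distinct usernames, so one user mistyping a password on a shared host does not trip it, and drafts the notice to the attacking host's admins. The log lines, addresses, thresholds and function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (not taken from the original thread).
SAMPLE_LOG = """\
Nov 23 22:01:01 host sshd[1201]: Failed password for invalid user admin from 192.0.2.10 port 40001 ssh2
Nov 23 22:01:02 host sshd[1202]: Failed password for invalid user oracle from 192.0.2.10 port 40002 ssh2
Nov 23 22:01:03 host sshd[1203]: Failed password for root from 192.0.2.10 port 40003 ssh2
Nov 23 22:01:04 host sshd[1204]: Failed password for invalid user test from 192.0.2.10 port 40004 ssh2
Nov 23 22:01:05 host sshd[1205]: Failed password for invalid user guest from 192.0.2.10 port 40005 ssh2
Nov 23 22:05:10 host sshd[1301]: Failed password for alice from 198.51.100.7 port 50001 ssh2
Nov 23 22:05:12 host sshd[1302]: Failed password for alice from 198.51.100.7 port 50002 ssh2
Nov 23 22:05:20 host sshd[1303]: Accepted password for alice from 198.51.100.7 port 50003 ssh2
"""

FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port"
)

def failures_by_source(log_text):
    """Map source address -> usernames tried and total failed-login count."""
    stats = defaultdict(lambda: {"users": set(), "count": 0})
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, src = m.groups()
            stats[src]["users"].add(user)
            stats[src]["count"] += 1
    return stats

def blackhole_decisions(log_text, min_failures=5, min_users=3):
    """Return {src: reason} for sources that look like a dictionary scan.
    Requiring many distinct usernames, not just many failures, keeps a
    single user mistyping a password from triggering the blackhole."""
    decisions = {}
    for src, s in failures_by_source(log_text).items():
        if s["count"] >= min_failures and len(s["users"]) >= min_users:
            decisions[src] = (f"{s['count']} failed logins across "
                              f"{len(s['users'])} usernames")
    return decisions

def abuse_notice(src, reason):
    """Draft the notice an operator sends to the attacking host's admins."""
    return (f"Address {src} has been null-routed on our host: {reason}. "
            f"Please identify and stop the account or process running this scan.")
```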


More information about the freebsd-security mailing list