Simplest way to deny access to a class C

David Brodbeck gull at
Fri Mar 4 21:30:53 UTC 2011

On Thu, Mar 3, 2011 at 4:02 PM, Gary Gatten <Ggatten at> wrote:
> Be careful of automated responses.  What if someone spoofs IP's of legit users / customers / whatever and your automated response blocks them?  Not good.

Fortunately this is a relatively low risk with fail2ban, because to
spoof a failed SSH connection you need to spoof a whole three-way TCP
handshake.    This could happen, but only if the attacker is on the
same subnet as the affected customer or can intercept all their
traffic for a man-in-the-middle attack.  A bigger risk is customers
fat-fingering their password repeatedly and locking themselves out. ;)

More information about the freebsd-questions mailing list