Mailinglist Archive: opensuse-security (409 mails)

RE: Re: [suse-security] Re: Automatically blacklist IP after multiple SSH login failures
  • From: christian.burri@xxxxxxxxxx
  • Date: Fri, 9 Aug 2002 10:05:45 +0200
  • Message-id: <OF99AE3E08.E5B7547F-ONC1256C10.002BEA55@xxxxxxxxxx>




<SNIP>
>
>No, you don't. If you spoof the IP, you wouldn't be able to get past
>the TCP handshake. If you don't have a connection, you couldn't send
>a wrong password and so you're unable to lock him out.
>
>It would be possible if you are in control of the public sites
>router, but not for everyone.
>
</SNIP>

I agree that a "true" spoofing of TCP isn't trivial, BUT:

What about SOCKS or HTTP proxies? Even the dumb takeover kiddies on
IRC know how to "spoof" their IPs with proxies. What about ./ any
shell provider box with a /16 subnet of IPs assigned? Oh woo.
Someone I know usually telnets off some Cisco routers...

Just my two cents
Chris




