Mailinglist Archive: opensuse-security (409 mails)

< Previous Next >
Re: [suse-security] Re: Automatically blacklist IP after multiple SSH login failures
  • From: Peter Wiersig <wiersig-ml@xxxxxxxxxxxxx>
  • Date: Fri, 9 Aug 2002 09:44:18 +0200
  • Message-id: <20020809094418.A14282@xxxxxxxxxxxxx>
Bastian Friedrich wrote:
> Am Donnerstag, 8. August 2002 22:01 schrieb Jeff Stewart:
> > That's a good idea, but I want to be able to shell in from public
> > computers. Maybe instead of blocking the IP address, I should block
> > the username from logging in after a certain number of tries.
>
> This idea is even worse, as it leads to an easy DoS: If I know your box'
> IP, I simply connect a couple of times with your login - and
> afterwards, you're no longer able to connect.

No, you don't. If you spoof the IP, you wouldn't be able to get past
the TCP handshake. If you don't have a connection, you couldn't send
a wrong password and so you're unable to lock him out.

It would be possible if you are in control of the public sites
router, but not for everyone.

Peter

< Previous Next >
Follow Ups