Floris van den Berg wrote:
...
other safety measures will prevent people from gaining access.

Such as
- Don't allow direct root access
- Use safe passwords
- Monitor logs

There is a fundamental protective measure you've missed - the IP protocol 
itself.

If somebody on IP 1.1.1.1 sends a TCP packet to port 22 on server 2.2.2.2, 
spoofing source address 3.3.3.3, the server will respond to 3.3.3.3, so the 
attacker won't receive it.  SSH requires a persistent connection to work, so no 
session will be created.

To be able to successfully spoof a source address and create a usable SSH 
connection, an attacker would need to be:

a) On the local network segment;
b) Able to ARP poison or similar (to act as a Man in the Middle); and
c) Able to brute force without detection.

Now, in most situations someone would be fairly obvious if they were attached 
to the local network segment.  Unless you distrust your ISP, but they'd have 
other means of access anyway...

Don't worry about it.

--
Peter SJF Bance
http://www.minstrel.org.uk/

_______________________________________________
Denyhosts-user mailing list
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
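
The handshake argument in the message above, as a toy simulation. This is an added example, not part of the original message or of DenyHosts: `Listener`, `handshake` and the dictionary packet format are hypothetical, and the addresses are the ones used in the message.

```python
import secrets

MOD = 2**32  # TCP sequence numbers are 32-bit

class Listener:
    """Toy model of the server side of the TCP three-way handshake."""
    def __init__(self, addr):
        self.addr = addr
        self.half_open = {}       # (claimed src, sport) -> ACK number expected
        self.established = set()  # only these connections ever reach sshd

    def receive(self, pkt):
        key = (pkt["src"], pkt["sport"])
        if pkt["flags"] == "SYN":
            isn = secrets.randbits(32)  # unpredictable initial sequence number
            self.half_open[key] = (isn + 1) % MOD
            # The SYN-ACK is addressed to the *claimed* source, whoever sent the SYN.
            return {"src": self.addr, "dst": pkt["src"], "flags": "SYN-ACK", "seq": isn}
        if pkt["flags"] == "ACK" and self.half_open.get(key) == pkt["ack"]:
            del self.half_open[key]
            self.established.add(key)
        return None

def handshake(server, sender_addr, claimed_src, on_path=False, sport=40000):
    """Return True if a connection claiming `claimed_src` gets established.

    on_path=True models conditions (a) and (b) from the message: the sender
    can read traffic addressed to the spoofed host.
    """
    synack = server.receive({"src": claimed_src, "sport": sport, "flags": "SYN"})
    # Delivery is by destination address, so an off-path sender never sees the ISN.
    sees_reply = synack["dst"] == sender_addr or on_path
    if sees_reply:
        ack = (synack["seq"] + 1) % MOD
    else:
        ack = secrets.randbits(32)  # blind guess: 1 in 2**32 chance of matching
    server.receive({"src": claimed_src, "sport": sport, "flags": "ACK", "ack": ack})
    return (claimed_src, sport) in server.established

if __name__ == "__main__":
    srv = Listener("2.2.2.2")
    print("honest 1.1.1.1:", handshake(srv, "1.1.1.1", "1.1.1.1"))
    print("1.1.1.1 as 3.3.3.3, off path:", handshake(srv, "1.1.1.1", "3.3.3.3"))
```

The off-path attempt leaves only a half-open entry on the listener, so no SSH authentication attempt is ever logged against 3.3.3.3.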