Kenneth Porter wrote: >--On Friday, August 15, 2008 5:51 PM -0400 Bruce Bodger ><bruce.bodger at demval.com> wrote: > >> fail2ban will not work for this as the incoming ip addresses are >> spoofed. fail2ban would end up blocking legitimate servers. > >How do you spoof a source address on a TCP connection? I was unaware that >was possible. How would replies know how to get back to the spoofing host? >At best, you can spoof another host on your own routed segment. Unless you >have control of the routing tables on the connecting routers, of course.
Exactly. These days, IP spoofing is most useful to hide the identity of the perpetrator of a DoS attack. It certainly is not applicable to a dictionary attack on POP3 or other logins since with a spoofed IP, the perpetrator will never see the response to determine if the login attempt was successful. -- Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
