On Thu, Mar 3, 2011 at 4:02 PM, Gary Gatten <ggat...@waddell.com> wrote: > Be careful of automated responses. What if someone spoofs IP's of legit > users / customers / whatever and your automated response blocks them? Not > good.
Fortunately this is a relatively low risk with fail2ban, because to spoof a failed SSH connection you need to spoof a whole three-way TCP handshake. This could happen, but only if the attacker is on the same subnet as the affected customer or can intercept all their traffic for a man-in-the-middle attack. A bigger risk is customers fat-fingering their password repeatedly and locking themselves out. ;) _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
