Kenneth Porter wrote:
--On Friday, August 15, 2008 5:51 PM -0400 Bruce Bodger wrote:
fail2ban will not work for this as the incoming IP addresses are spoofed. fail2ban would end up blocking legitimate servers.
How do you spoof a source address on a TCP connection? I was unaware that was possible. How would replies know how to get back to the spoofing host? At best, you can spoof another host on your own routed segment. Unless you have control of the routing tables on the connecting routers, of course.
Exactly. These days, IP spoofing is most useful to hide the identity of the perpetrator of a DoS attack. It certainly is not applicable to a dictionary attack on POP3 or other logins since with a spoofed IP, the perpetrator will never see the response to determine if the login attempt was successful.
--
Mark Sapiro mark@msapiro.net
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan