16 Aug
2008
16 Aug
'08
3:08 a.m.
--On Friday, August 15, 2008 5:51 PM -0400 Bruce Bodger bruce.bodger@demval.com wrote:
fail2ban will not work for this as the incoming ip addresses are spoofed. fail2ban would end up blocking legitimate servers.
How do you spoof a source address on a TCP connection? I was unaware that was possible. How would replies know how to get back to the spoofing host? At best, you can spoof another host on your own routed segment. Unless you have control of the routing tables on the connecting routers, of course.