Re: ssh brute force attacks

From: Tony Lawrence (pcunix_at_gmail.com)
Date: 03/20/05


Date: 20 Mar 2005 13:50:06 -0800


Tony Lawrence wrote:

> And that's the question. What if they spoof what IP? My public? The
> script isn't that dumb. An internal private IP? Neither my router nor
> my machine is dumb enough to accept a packet on an interface it
> shouldn't have come from. Someone else's public IP? Yes, as noted,
> I'll be temporarily denying that innocent person. That's not "against
> yourself", though, but if that's what he meant, great.
>
> But that can't be the case for someone who has failed login attempts,
> which is where this all started; if you are spoofing an IP, you aren't
> ever going to know whether I ever responded to your login attempt at
> all!

And what I forgot to mention is that with a spoofed IP, you are doing
these failed logins totally blind, and are going to be restricted by
typical sshd settings for MaxStartups (which is the exact same concept
as is being discussed, of course).

The whole idea is silly, I think. Nobody is going to do it and I doubt
they'd get very far anyway.

-- 
Tony Lawrence
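
The MaxStartups throttling mentioned in the post, sketched as an added example that is not part of the original message: it follows the `start:rate:full` behaviour documented in sshd_config(5), where new connections are refused with probability `rate` percent once `start` unauthenticated connections are pending, rising linearly to 100 percent at `full`. The function names and the `10:30:60` value are assumptions chosen for illustration.

```python
import random

def parse_max_startups(spec):
    """Parse 'start:rate:full'; a bare 'N' is a hard cap at N connections."""
    parts = [int(p) for p in spec.split(":")]
    if len(parts) == 1:
        start, rate, full = parts[0], 100, parts[0]
    elif len(parts) == 3:
        start, rate, full = parts
    else:
        raise ValueError("expected N or start:rate:full")
    if start < 1 or full < start or not 1 <= rate <= 100:
        raise ValueError("invalid MaxStartups values")
    return start, rate, full

def drop_percent(pending, spec):
    """Chance (0-100) that sshd refuses a new connection while `pending`
    unauthenticated connections are already open."""
    start, rate, full = parse_max_startups(spec)
    if pending < start:
        return 0
    if pending >= full or rate == 100:
        return 100
    # Linear ramp from `rate` at `start` up to 100 at `full`.
    return rate + (100 - rate) * (pending - start) // (full - start)

def simulate_burst(attempts, spec, seed=0):
    """Admit or refuse `attempts` connections that never authenticate, so each
    admitted one keeps its slot (until LoginGraceTime expires in a real sshd)."""
    rng = random.Random(seed)
    pending = 0
    for _ in range(attempts):
        if rng.randrange(100) >= drop_percent(pending, spec):
            pending += 1
    return pending

if __name__ == "__main__":
    spec = "10:30:60"  # constructed sample value, not taken from the post
    for n in (5, 10, 35, 60):
        print(f"{n} pending -> {drop_percent(n, spec)}% refused")
    print("slots held after 1000 attempts:", simulate_burst(1000, spec))
```

However many attempts arrive, the number of unauthenticated slots held never exceeds `full`, which is the cap the post refers to.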