On 6/30/2013 9:15 AM, Pascal Hambourg wrote:
Redalert Commander a écrit :
---------- Forwarded message ----------
From: Igor Cicimov
You can block repeated attempts to log in with iptables using the
'recent' module, an alternative is 'fail2ban', which monitors your
server logs (ssh, apache, and others) for failed login attempts and then
adds an iptables rule for the offending IP.
The 'recent' match is vulnerable to source IP address spoofing and can
be abused to cause a DoS for the spoofed address. fail2ban is much less
vulnerable to such attacks.
I don't understand this statement. How is 'recent' more vulnerable to
source IP address spoofing than fail2ban? Both depend only on the
supplied address.
And how can recent 'be abused to cause a DoS...' any more than fail2ban?
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/51d04849.2020...@attglobal.net
