Re: Need urgent help regarding security
> >Be careful with adding ip addresses to deny via a packet filter.
> >If an attacker uses spoofed IP adresses, you may produce yourself
> >easily a denial of service attack.
>
> Not sure I agree with the easily part. TCP transport plus SSH
> protocol spoofing is not a vector that normally needs to be secured
> beyond what is already done in the kernel and router. That's not to
> say such spoofing cannot be done, just that it is rare and would
> require a compromised router or localnet host at a minimum.
Except that it doesn't require spoofed addresses. One attacker from the
local university's computer center (or from a large shell service ISP)
could lock out all of the other users on that machine. Trivially.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 33 之 36 篇):