Adam Carter wrote:
Also take note that there are no "known-compromised hosts"

What about hosts listed in RBLs? 
http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists. It would be 
interesting to see how much correlation there is between ssh brute forcing 
bots and the contents of the various lists.
It's just interesting. But I don't trust them enough. I don't know how these lists were composed. We've periodically seen virus outbreaks; some computers' IPs could get into the lists because of trojans and so on. One day you won't reach your server from your own home computer...
because ANY IP can be forged.

It's easy enough to forge a SYN, but to set up a session so you can make a 
password guessing attempt requires that you also get the packets back from the 
server, which is an order of magnitude more difficult. Ever since OSes have 
implemented well chosen initial sequence numbers, spoofing of TCP sessions has 
become very difficult.

I agree, but as an admin I prefer to think about many things as worse than they really are. If something wrong is possible, it's better to avoid it beforehand.

Best regards,
Evgeniy B.
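
The measurement suggested in the thread above (how much the sources of ssh password guessing overlap with a DNS blacklist), as an added example that is not part of the original messages. The zone `dnsbl.example`, the sample log lines, the listed set and the threshold of 3 failures are all constructed for illustration; only the OpenSSH "Failed password" line format and the reversed-octet DNSBL query convention are real.

```python
import ipaddress
import re
import socket
from collections import Counter

# OpenSSH's failed-password log line; the source address follows "from".
FAILED = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = "\n".join(
    ["sshd[101]: Failed password for root from 192.0.2.10 port 40001 ssh2"] * 4
    + ["sshd[102]: Failed password for invalid user admin from 198.51.100.7 port 40002 ssh2"] * 3
    + ["sshd[103]: Failed password for root from 203.0.113.5 port 40003 ssh2",
       "sshd[104]: Accepted password for alice from 203.0.113.5 port 40004 ssh2"]
)
CONSTRUCTED_LISTED = {"10.2.0.192.dnsbl.example"}  # pretend only this name resolves

def dnsbl_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, prepended to the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def dns_listed(name):
    """Real lookup: a DNSBL returns an A record when the address is listed."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

def brute_forcers(log_text, threshold=3):
    """Count failed passwords per IPv4 source; keep sources at or above threshold."""
    counts = Counter()
    for m in FAILED.finditer(log_text):
        try:
            counts[str(ipaddress.IPv4Address(m.group(1)))] += 1
        except ipaddress.AddressValueError:
            continue  # IPv6 or hostname: needs a different query form, skipped here
    return {ip: n for ip, n in counts.items() if n >= threshold}

def correlate(log_text, zone, is_listed=dns_listed, threshold=3):
    """Return (sources, listed sources, fraction of sources that are listed)."""
    sources = brute_forcers(log_text, threshold)
    listed = sorted(ip for ip in sources if is_listed(dnsbl_name(ip, zone)))
    ratio = len(listed) / len(sources) if sources else 0.0
    return sources, listed, ratio

if __name__ == "__main__":
    # Offline run against the constructed listed set instead of a live DNSBL.
    print(correlate(SAMPLE_LOG, "dnsbl.example", CONSTRUCTED_LISTED.__contains__))
```

This only measures overlap and blocks nothing; with the default `dns_listed` it would query whichever real zone is passed in.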
