[EMAIL PROTECTED] wrote:
>You've missed the point. These types of packages don't look for
>multiple attempts at a single user name. They simply watch the auth
>logs and match failures to IPs. Once an IP has accumulated a certain
>number of failures within a specified time period, that IP address is
>temporarily added to a firewall table to block all further connections.
>In your case, root/root is the first failure, mythtv/mythtv is the
>second failure, etc.
>
>I use fail2ban to do the same thing. It's highly configurable so you
>can adjust the rules to match almost any kind of log file.
>

If the attacker uses a spoofed source IP of localhost, the server's IP, a configured DNS server, the Zap2it web site(s) or some other needed IP, that would be an effective DoS. If the intent is a DoS of some sort rather than an interactive login, the reply to the SSH SYN is not necessary. Are there any provisions in these tools to protect against these types of spoofing attacks?

_______________________________________________
mythtv-users mailing list
[email protected]
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
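The mechanism described in the quoted text (failures counted per source IP within a time window, whatever user name was tried), combined with a list of addresses that are never blocked, as an added example that is not part of the original thread and is not fail2ban's own code. The threshold, window, exempt addresses, host name and log lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed policy values (not from the original thread).
MAX_FAILURES = 3
WINDOW = timedelta(minutes=10)
# Assumed never-ban list: loopback, the server itself, its DNS resolver.
NEVER_BAN = [ip_network(n) for n in ("127.0.0.0/8", "192.0.2.10/32", "192.0.2.53/32")]

FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample auth log (documentation address ranges).
SAMPLE_LOG = """\
Mar  3 10:00:01 myth sshd[411]: Failed password for root from 203.0.113.7 port 4001 ssh2
Mar  3 10:00:05 myth sshd[412]: Failed password for invalid user mythtv from 203.0.113.7 port 4002 ssh2
Mar  3 10:00:09 myth sshd[413]: Failed password for invalid user admin from 203.0.113.7 port 4003 ssh2
Mar  3 10:01:00 myth sshd[414]: Failed password for root from 127.0.0.1 port 4004 ssh2
Mar  3 10:01:01 myth sshd[415]: Failed password for root from 127.0.0.1 port 4005 ssh2
Mar  3 10:01:02 myth sshd[416]: Failed password for root from 127.0.0.1 port 4006 ssh2
Mar  3 10:02:00 myth sshd[417]: Failed password for root from 198.51.100.9 port 4007 ssh2
Mar  3 10:30:00 myth sshd[418]: Failed password for root from 198.51.100.9 port 4008 ssh2
Mar  3 10:30:05 myth sshd[419]: Accepted password for mythtv from 198.51.100.9 port 4009 ssh2
"""

def scan(log_text, year=2024):
    """Return (banned, skipped): IPs over the threshold, and exempt IPs that reached it."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside WINDOW
    banned, skipped = set(), set()
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # successes and unrelated lines do not count
        # syslog timestamps carry no year, so one is supplied by the caller
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        q = recent[ip]
        q.append(when)
        while when - q[0] > WINDOW:  # expire failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            exempt = any(ip_address(ip) in net for net in NEVER_BAN)
            (skipped if exempt else banned).add(ip)
    return banned, skipped

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

In fail2ban the `ignoreip` setting plays the role that `NEVER_BAN` plays in this sketch.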
