RE: SSH scans vs connection ratelimiting
- From: "Michael Scheidell" <scheidell@xxxxxxxxxx>
- Date: Tue, 22 Aug 2006 07:32:56 -0400
-----Original Message-----
From: owner-freebsd-security@xxxxxxxxxxx
[mailto:owner-freebsd-security@xxxxxxxxxxx] On Behalf Of Uwe Doering
Sent: Tuesday, August 22, 2006 4:09 AM
To: freebsd-security@xxxxxxxxxxx
Subject: Re: SSH scans vs connection ratelimiting
that someone could fake a complete exchange like this from the remote
via a TCP connection while using source IP address spoofing. My
understanding so far is that source IP address spoofing from
the remote
works only with connectionless protocols like UDP and ICMP,
or TCP SYN
packets as a special case. Please correct me if I'm wrong.
You are more or less correct.
For all practical purposes, spoofing a three way tcp connection is
impossible.
(for all practical purposes)
There is man in the middle attacks, routing hijacking, and possibly tcp
connection id spoofing, but if you are using a modern os that does not
suffer from connecting id guessing, its so hard to do that that only
someone specifically trying to break into your network, who has the
ability to sniff your traffic, might even have a ghost of a chance of
doing this.
(and if you already have the *keys from known_hosts, ssh will complain
about it if it even gets that far)
--
Michael Scheidell, CTO
561-999-5000, ext 1131
SECNAP Network Security Corporation
Keep up to date with latest information on IT security: Real time
security alerts: http://www.secnap.com/news
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Prev by Date: Re: SSH scans vs connection ratelimiting
- Next by Date: FreeBSD Security Advisory FreeBSD-SA-06:18.ppp
- Previous by thread: Re: SSH scans vs connection ratelimiting
- Next by thread: FreeBSD Security Advisory FreeBSD-SA-06:18.ppp
- Index(es):
Relevant Pages
|
|
