From owner-freebsd-hackers@FreeBSD.ORG  Tue Sep 30 15:50:16 2008
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5A7C11065699
	for <freebsd-hackers@freebsd.org>; Tue, 30 Sep 2008 15:50:16 +0000 (UTC)
	(envelope-from wmoran@collaborativefusion.com)
Received: from mx00.pub.collaborativefusion.com
	(mx00.pub.collaborativefusion.com [206.210.89.199])
	by mx1.freebsd.org (Postfix) with ESMTP id 002148FC25
	for <freebsd-hackers@freebsd.org>; Tue, 30 Sep 2008 15:50:15 +0000 (UTC)
	(envelope-from wmoran@collaborativefusion.com)
Received: from vanquish.ws.pitbpa0.priv.collaborativefusion.com
	(vanquish.ws.pitbpa0.priv.collaborativefusion.com [192.168.2.162])
	(SSL: TLSv1/SSLv3,256bits,AES256-SHA)
	by wingspan with esmtp; Tue, 30 Sep 2008 11:50:15 -0400
	id 00056403.0000000048E24AB7.00012FF4
Date: Tue, 30 Sep 2008 11:50:14 -0400
From: Bill Moran <wmoran@collaborativefusion.com>
To: freebsd-hackers@FreeBSD.ORG
Message-Id: <20080930115014.45a0cd88.wmoran@collaborativefusion.com>
In-Reply-To: <200809301537.m8UFbcrt044684@lurza.secnetix.de>
References: <20080930151550.GA20490@omicron.my.domain>
	<200809301537.m8UFbcrt044684@lurza.secnetix.de>
Organization: Collaborative Fusion
X-Mailer: Sylpheed 2.5.0 (GTK+ 2.12.11; i386-portbld-freebsd7.0)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: Oliver Fromme <olli@lurza.secnetix.de>, pierre.riteau@gmail.com
Subject: Re: SSH Brute Force attempts
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Sep 2008 15:50:16 -0000

In response to Oliver Fromme <olli@lurza.secnetix.de>:

> Pierre Riteau wrote:
> 
>  >      Because the 3-way handshake ensures that the source address is not being
>  >      spoofed, more aggressive action can be taken based on these limits.
> 
> s/not being spoofed/more difficult to spoofe/  ;-)

On a modern OS (like FreeBSD) where ISNs are random, the possibility of
blindly spoofing an IP during a 3-way handshake is so low as to be
effectively impossible.

Yes, it _can_ be done, but the effort required makes it not an effective
method of attack.

-- 
Bill Moran
Collaborative Fusion Inc.
http://people.collaborativefusion.com/~wmoran/

wmoran@collaborativefusion.com
Phone: 412-422-3463x4023