On 6/30/2013 9:15 AM, Pascal Hambourg wrote:
> Redalert Commander wrote:
>> ---------- Forwarded message ----------
>> From: Igor Cicimov
>>
>> You can block repeated attempts to log in with iptables using the 'recent' module; an alternative is 'fail2ban', which monitors your server logs (ssh, apache, and others) for failed login attempts and then adds an iptables rule for the offending IP.
>
> The 'recent' match is vulnerable to source IP address spoofing and can be abused to cause a DoS for the spoofed address. fail2ban is much less vulnerable to such attacks.
I don't understand this statement. How is 'recent' more vulnerable to source IP address spoofing than fail2ban? Both depend only on the supplied address.
And how can recent 'be abused to cause a DoS...' any more than fail2ban?
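An added illustration of the fail2ban approach described in the forwarded message (example code written for this page, not fail2ban's own or anyone on the list's): it scans constructed sshd log lines for failed logins, counts them per source address inside a sliding window, and produces the blocking iptables rule as a string instead of executing it. The log lines, the maxretry/findtime thresholds and the exact rule form are assumptions made for the example.

```python
import re
from collections import defaultdict, deque

# Constructed sshd auth-log lines for this example (not taken from the thread).
SAMPLE_LOG = """\
Jun 30 09:10:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jun 30 09:10:04 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Jun 30 09:10:09 host sshd[2105]: Failed password for root from 203.0.113.7 port 51041 ssh2
Jun 30 09:10:15 host sshd[2110]: Accepted publickey for alice from 198.51.100.5 port 40001 ssh2
Jun 30 09:10:20 host sshd[2111]: Failed password for bob from 198.51.100.5 port 40002 ssh2
Jun 30 09:25:00 host sshd[2199]: Failed password for root from 203.0.113.7 port 51099 ssh2
"""

# Matches the syslog timestamp and the source address of a failed password attempt.
FAILED_RE = re.compile(
    r"^\w{3} +\d+ (\d\d):(\d\d):(\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (\S+) port"
)


def parse_failures(log_text):
    """Yield (seconds_since_midnight, source_ip) for each failed-password line.

    All sample lines fall on the same day, so the time of day is enough here."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            hh, mm, ss = (int(m.group(i)) for i in (1, 2, 3))
            yield hh * 3600 + mm * 60 + ss, m.group(4)


def find_bans(log_text, maxretry=3, findtime=600):
    """Return {ip: iptables_rule} for every source that reached `maxretry`
    failures within any `findtime`-second window (fail2ban-style counting).

    The rule is only built as a string; applying it is left to the operator."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    bans = {}
    for ts, ip in parse_failures(log_text):
        if ip in bans:            # already banned, nothing more to count
            continue
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > findtime:   # drop stale entries
            window.popleft()
        if len(window) >= maxretry:
            bans[ip] = f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j REJECT"
    return bans
```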