From: Peter S. B. <Min...@mi...> - 2006-08-09 06:18:07
|
> I put my own network's public addresses in 'allowed-hosts', so as not to > lock myself out accidentally. Is this unwise? Am I inviting attacks > from machines spoofing my own addresses? It shouldn't be a problem - spoofing source addresses to create an SSH session is not possible. If you think about it, they can send a crafted TCP packet to your host, but then where will the response go? To your network. Source address spoofing is really only used in DoS attacks. -- Peter SJF Bance http://www.minstrel.org.uk/ |