Hacker News

Would you consider fail2ban in this case?



"Warning: Using an IP blacklist will stop trivial attacks but it relies on an additional daemon and successful logging (the partition containing /var can become full, especially if an attacker is pounding on the server). Additionally, if the attacker knows your IP address, they can send packets with a spoofed source header and get you locked out of the server. SSH keys provide an elegant solution to the problem of brute forcing without these problems."

source: https://wiki.archlinux.org/index.php/Fail2ban


> Additionally, if the attacker knows your IP address, they can send packets with a spoofed source header and get you locked out of the server.

No they can't. That is not how TCP works.


From memory, you can spoof UDP but not TCP.

https://serverfault.com/a/153619/91708



