more on web
There is a lot of information on the web about what IP spoofing can and cannot do; a search will show a lot of articles, and it does require a good knowledge of the TCP/IP protocol to grasp all the consequences.
Certainly spoofing can be used to inflict denial of service attacks, but I don't think I've heard of anyone hijacking an SSH session or logging in to an SSH shell by using IP spoofing techniques.
And blockhosts.py only deals with SSH login failures.
I was wondering if attacker
I was wondering if an attacker can fake his IP so she/he can still attack by just changing IP every 6~9 attempts.
========extract of my auth.log=================
Oct 1 08:07:35 MYSERVER_NAME sshd[10831]: Illegal user staff from ::ffff:211.100.4.134
Oct 1 08:07:39 MYSERVER_NAME sshd[10835]: Illegal user sales from ::ffff:211.100.4.134
Oct 1 08:07:43 MYSERVER_NAME sshd[10839]: Illegal user recruit from ::ffff:211.100.4.134
Oct 1 08:07:47 MYSERVER_NAME sshd[10843]: Illegal user alias from ::ffff:211.100.4.134
Oct 1 08:07:52 MYSERVER_NAME sshd[10847]: Illegal user office from ::ffff:211.100.4.134
Oct 1 08:07:58 MYSERVER_NAME sshd[10851]: Illegal user samba from ::ffff:211.100.4.134
Oct 1 08:08:02 MYSERVER_NAME sshd[10858]: Illegal user tomcat from ::ffff:211.100.4.134
Oct 1 08:08:06 MYSERVER_NAME sshd[10862]: Illegal user webadmin from ::ffff:211.100.4.134
Oct 1 08:08:10 MYSERVER_NAME sshd[10866]: Illegal user spam from ::ffff:211.100.4.134
Oct 1 08:38:22 MYSERVER_NAME sshd[11167]: Illegal user staff from ::ffff:217.199.176.177
Oct 1 08:38:25 MYSERVER_NAME sshd[11172]: Illegal user sales from ::ffff:217.199.176.177
Oct 1 08:38:28 MYSERVER_NAME sshd[11176]: Illegal user recruit from ::ffff:217.199.176.177
Oct 1 08:38:31 MYSERVER_NAME sshd[11180]: Illegal user alias from ::ffff:217.199.176.177
Oct 1 08:38:34 MYSERVER_NAME sshd[11184]: Illegal user office from ::ffff:217.199.176.177
Oct 1 08:38:37 MYSERVER_NAME sshd[11188]: Illegal user samba from ::ffff:217.199.176.177
Oct 1 08:38:40 MYSERVER_NAME sshd[11192]: Illegal user tomcat from ::ffff:217.199.176.177
Oct 1 08:38:43 MYSERVER_NAME sshd[11196]: Illegal user webadmin from ::ffff:217.199.176.177
Oct 1 08:38:47 MYSERVER_NAME sshd[11200]: Illegal user spam from ::ffff:217.199.176.177
Oct 1 10:04:26 MYSERVER_NAME sshd[12061]: Illegal user bart from ::ffff:211.137.210.230
Oct 1 10:04:29 MYSERVER_NAME sshd[12065]: Illegal user jaap from ::ffff:211.137.210.230
Oct 1 10:04:32 MYSERVER_NAME sshd[12069]: Illegal user www from ::ffff:211.137.210.230
Oct 1 10:04:35 MYSERVER_NAME sshd[12073]: Illegal user andre from ::ffff:211.137.210.230
Oct 1 10:04:38 MYSERVER_NAME sshd[12077]: Illegal user bjorn from ::ffff:211.137.210.230
Oct 1 10:04:44 MYSERVER_NAME sshd[12085]: Illegal user jonas from ::ffff:211.137.210.230
Oct 1 10:04:47 MYSERVER_NAME sshd[12089]: Illegal user nisse from ::ffff:211.137.210.230
Oct 1 10:04:52 MYSERVER_NAME sshd[12097]: Illegal user admin from ::ffff:211.137.210.230
Oct 1 10:04:55 MYSERVER_NAME sshd[12101]: Illegal user andreas from ::ffff:211.137.210.230
Oct 1 12:46:50 MYSERVER_NAME sshd[13664]: Illegal user test from ::ffff:218.249.139.85
Oct 1 12:46:57 MYSERVER_NAME sshd[13668]: Illegal user guest from ::ffff:218.249.139.85
Oct 1 12:47:01 MYSERVER_NAME sshd[13672]: Illegal user admin from ::ffff:218.249.139.85
Oct 1 12:47:07 MYSERVER_NAME sshd[13676]: Illegal user admin from ::ffff:218.249.139.85
Oct 1 12:47:12 MYSERVER_NAME sshd[13680]: Illegal user user from ::ffff:218.249.139.85
Oct 1 12:47:32 MYSERVER_NAME sshd[13696]: Illegal user test from ::ffff:218.249.139.85
Oct 1 12:50:30 MYSERVER_NAME sshd[13740]: Illegal user test from ::ffff:218.249.139.85
Oct 1 12:50:34 MYSERVER_NAME sshd[13744]: Illegal user guest from ::ffff:218.249.139.85
Oct 1 12:50:37 MYSERVER_NAME sshd[13748]: Illegal user admin from ::ffff:218.249.139.85
Oct 1 15:13:10 MYSERVER_NAME sshd[15122]: Illegal user earnings from ::ffff:209.152.163.64
Oct 1 15:13:12 MYSERVER_NAME sshd[15126]: Illegal user promotional from ::ffff:209.152.163.64
Oct 1 15:13:15 MYSERVER_NAME sshd[15130]: Illegal user adlibrary from ::ffff:209.152.163.64
Oct 1 15:13:17 MYSERVER_NAME sshd[15134]: Illegal user scale from ::ffff:209.152.163.64
Oct 1 15:13:20 MYSERVER_NAME sshd[15138]: Illegal user commission from ::ffff:209.152.163.64
Oct 1 15:13:22 MYSERVER_NAME sshd[15142]: Illegal user partneruser from ::ffff:209.152.163.64
Oct 1 15:13:25 MYSERVER_NAME sshd[15146]: Illegal user faquser from ::ffff:209.152.163.64
Oct 1 15:13:27 MYSERVER_NAME sshd[15150]: Illegal user costumbrand from ::ffff:209.152.163.64
Oct 1 15:13:30 MYSERVER_NAME sshd[15154]: Illegal user dashboard from ::ffff:209.152.163.64
Oct 1 21:40:20 MYSERVER_NAME sshd[18994]: Illegal user sifak from ::ffff:221.2.243.198
Oct 1 21:40:26 MYSERVER_NAME sshd[19004]: Illegal user slasher from ::ffff:221.2.243.198
Oct 1 21:47:08 MYSERVER_NAME sshd[19087]: Illegal user at from ::ffff:210.112.167.230
Oct 1 21:47:10 MYSERVER_NAME sshd[19095]: Illegal user at from ::ffff:210.112.167.230
Oct 1 21:47:12 MYSERVER_NAME sshd[19099]: Illegal user at from ::ffff:210.112.167.230
Oct 1 21:47:14 MYSERVER_NAME sshd[19103]: Illegal user at from ::ffff:210.112.167.230
Oct 1 21:47:16 MYSERVER_NAME sshd[19107]: Illegal user at from ::ffff:210.112.167.230
Oct 1 21:47:17 MYSERVER_NAME sshd[19111]: Illegal user at from ::ffff:210.112.167.230
Oct 1 21:47:19 MYSERVER_NAME sshd[19115]: Illegal user at from ::ffff:210.112.167.230
Oct 1 21:47:21 MYSERVER_NAME sshd[19119]: Illegal user at from ::ffff:210.112.167.230
Oct 1 21:47:23 MYSERVER_NAME sshd[19123]: Illegal user at from ::ffff:210.112.167.230
Oct 1 22:05:14 MYSERVER_NAME sshd[19297]: Illegal user sifak from ::ffff:60.31.214.219
Oct 1 22:05:23 MYSERVER_NAME sshd[19301]: Illegal user slasher from ::ffff:60.31.214.219
Oct 1 22:44:15 MYSERVER_NAME sshd[19707]: Illegal user sifak from ::ffff:61.247.194.89
Oct 1 22:44:17 MYSERVER_NAME sshd[19711]: Illegal user slasher from ::ffff:61.247.194.89
Oct 1 22:44:19 MYSERVER_NAME sshd[19715]: Illegal user fluffy from ::ffff:61.247.194.89
Oct 1 22:44:20 MYSERVER_NAME sshd[19719]: Illegal user admin from ::ffff:61.247.194.89
Oct 1 22:44:22 MYSERVER_NAME sshd[19723]: Illegal user test from ::ffff:61.247.194.89
Oct 1 22:44:24 MYSERVER_NAME sshd[19727]: Illegal user guest from ::ffff:61.247.194.89
Oct 1 22:44:26 MYSERVER_NAME sshd[19731]: Illegal user webmaster from ::ffff:61.247.194.89
Oct 1 22:44:28 MYSERVER_NAME sshd[19734]: Illegal user test from ::ffff:222.91.92.185
Oct 1 22:44:29 MYSERVER_NAME sshd[19743]: Illegal user oracle from ::ffff:61.247.194.89
Oct 1 22:44:33 MYSERVER_NAME sshd[19750]: Illegal user guest from ::ffff:222.91.92.185
Oct 1 22:44:37 MYSERVER_NAME sshd[19761]: Illegal user admin from ::ffff:222.91.92.185
Oct 1 22:44:42 MYSERVER_NAME sshd[19765]: Illegal user admin from ::ffff:222.91.92.185
Oct 1 22:44:46 MYSERVER_NAME sshd[19769]: Illegal user user from ::ffff:222.91.92.185
Oct 1 22:45:08 MYSERVER_NAME sshd[19787]: Illegal user test from ::ffff:222.91.92.185
Oct 1 22:48:52 MYSERVER_NAME sshd[19814]: Illegal user test from ::ffff:222.91.92.185
Oct 1 22:49:00 MYSERVER_NAME sshd[19818]: Illegal user guest from ::ffff:222.91.92.185
Oct 1 22:49:04 MYSERVER_NAME sshd[19822]: Illegal user admin from ::ffff:222.91.92.185
Oct 2 06:36:09 MYSERVER_NAME sshd[24453]: Illegal user test from ::ffff:210.13.41.1
Oct 2 06:36:12 MYSERVER_NAME sshd[24457]: Illegal user guest from ::ffff:210.13.41.1
Oct 2 06:36:15 MYSERVER_NAME sshd[24461]: Illegal user admin from ::ffff:210.13.41.1
Oct 2 06:36:19 MYSERVER_NAME sshd[24465]: Illegal user admin from ::ffff:210.13.41.1
Oct 2 06:36:23 MYSERVER_NAME sshd[24469]: Illegal user user from ::ffff:210.13.41.1
Oct 2 06:36:45 MYSERVER_NAME sshd[24485]: Illegal user test from ::ffff:210.13.41.1
Oct 2 07:46:23 MYSERVER_NAME sshd[25220]: Illegal user staff from ::ffff:221.231.141.231
Oct 2 07:46:26 MYSERVER_NAME sshd[25224]: Illegal user sales from ::ffff:221.231.141.231
Oct 2 07:46:29 MYSERVER_NAME sshd[25228]: Illegal user recruit from ::ffff:221.231.141.231
Oct 2 07:46:32 MYSERVER_NAME sshd[25235]: Illegal user alias from ::ffff:221.231.141.231
Oct 2 07:46:35 MYSERVER_NAME sshd[25245]: Illegal user office from ::ffff:221.231.141.231
Oct 2 07:46:38 MYSERVER_NAME sshd[25249]: Illegal user samba from ::ffff:221.231.141.231
Oct 2 07:46:41 MYSERVER_NAME sshd[25253]: Illegal user tomcat from ::ffff:221.231.141.231
Oct 2 07:46:44 MYSERVER_NAME sshd[25257]: Illegal user webadmin from ::ffff:221.231.141.231
Oct 2 07:46:48 MYSERVER_NAME sshd[25261]: Illegal user spam from ::ffff:221.231.141.231
Oct 2 08:29:26 MYSERVER_NAME sshd[26052]: Illegal user staff from ::ffff:210.0.186.202
Oct 2 08:29:28 MYSERVER_NAME sshd[26056]: Illegal user sales from ::ffff:210.0.186.202
Oct 2 08:29:30 MYSERVER_NAME sshd[26060]: Illegal user recruit from ::ffff:210.0.186.202
Oct 2 08:29:32 MYSERVER_NAME sshd[26064]: Illegal user alias from ::ffff:210.0.186.202
Oct 2 08:29:34 MYSERVER_NAME sshd[26068]: Illegal user office from ::ffff:210.0.186.202
Oct 2 08:29:35 MYSERVER_NAME sshd[26072]: Illegal user samba from ::ffff:210.0.186.202
Oct 2 08:29:37 MYSERVER_NAME sshd[26076]: Illegal user tomcat from ::ffff:210.0.186.202
Oct 2 08:29:39 MYSERVER_NAME sshd[26080]: Illegal user webadmin from ::ffff:210.0.186.202
Oct 2 08:29:41 MYSERVER_NAME sshd[26084]: Illegal user spam from ::ffff:210.0.186.202
Oct 2 11:21:05 MYSERVER_NAME sshd[4177]: Illegal user webmaster from ::ffff:222.122.47.221
Oct 2 11:21:08 MYSERVER_NAME sshd[4182]: Illegal user admin from ::ffff:222.122.47.221
Oct 2 11:21:18 MYSERVER_NAME sshd[4192]: Illegal user webadmin from ::ffff:222.122.47.221
Oct 2 11:21:24 MYSERVER_NAME sshd[4201]: Illegal user ftpuser from ::ffff:222.122.47.221
Oct 2 11:21:27 MYSERVER_NAME sshd[4208]: Illegal user testuser from ::ffff:222.122.47.221
Oct 2 11:21:30 MYSERVER_NAME sshd[4212]: Illegal user testuser from ::ffff:222.122.47.221
Oct 2 11:21:32 MYSERVER_NAME sshd[4219]: Illegal user test from ::ffff:222.122.47.221
Oct 2 11:21:35 MYSERVER_NAME sshd[4226]: Illegal user guestuser from ::ffff:222.122.47.221
Oct 2 19:11:36 MYSERVER_NAME sshd[2134]: Illegal user test from ::ffff:218.1.65.233
Oct 2 19:11:39 MYSERVER_NAME sshd[2146]: Illegal user guest from ::ffff:218.1.65.233
Oct 2 19:11:43 MYSERVER_NAME sshd[2150]: Illegal user admin from ::ffff:218.1.65.233
Oct 2 19:11:46 MYSERVER_NAME sshd[2154]: Illegal user admin from ::ffff:218.1.65.233
Oct 2 19:11:50 MYSERVER_NAME sshd[2158]: Illegal user user from ::ffff:218.1.65.233
Oct 2 19:12:04 MYSERVER_NAME sshd[2175]: Illegal user test from ::ffff:218.1.65.233
Oct 2 19:16:13 MYSERVER_NAME sshd[2191]: Illegal user test from ::ffff:218.1.65.233
Oct 2 19:16:16 MYSERVER_NAME sshd[2196]: Illegal user guest from ::ffff:218.1.65.233
Oct 2 23:49:01 MYSERVER_NAME sshd[4772]: Illegal user test from ::ffff:211.192.123.122
Oct 2 23:49:04 MYSERVER_NAME sshd[4779]: Illegal user test from ::ffff:211.192.123.122
Oct 2 23:49:07 MYSERVER_NAME sshd[4783]: Illegal user test from ::ffff:211.192.123.122
Oct 2 23:49:10 MYSERVER_NAME sshd[4787]: Illegal user test from ::ffff:211.192.123.122
Oct 2 23:49:13 MYSERVER_NAME sshd[4791]: Illegal user test from ::ffff:211.192.123.122
Oct 2 23:49:16 MYSERVER_NAME sshd[4795]: Illegal user test from ::ffff:211.192.123.122
Oct 2 23:49:19 MYSERVER_NAME sshd[4799]: Illegal user test from ::ffff:211.192.123.122
Oct 2 23:49:22 MYSERVER_NAME sshd[4803]: Illegal user test from ::ffff:211.192.123.122
Oct 2 23:53:37 MYSERVER_NAME sshd[4854]: Illegal user a from ::ffff:83.15.77.122
Oct 2 23:53:44 MYSERVER_NAME sshd[4858]: Illegal user b from ::ffff:83.15.77.122
Oct 2 23:53:50 MYSERVER_NAME sshd[4871]: Illegal user c from ::ffff:83.15.77.122
Oct 2 23:53:56 MYSERVER_NAME sshd[4875]: Illegal user d from ::ffff:83.15.77.122
Oct 2 23:54:03 MYSERVER_NAME sshd[4879]: Illegal user e from ::ffff:83.15.77.122
Oct 2 23:54:09 MYSERVER_NAME sshd[4883]: Illegal user f from ::ffff:83.15.77.122
Oct 2 23:54:15 MYSERVER_NAME sshd[4887]: Illegal user g from ::ffff:83.15.77.122
Oct 2 23:54:22 MYSERVER_NAME sshd[4891]: Illegal user h from ::ffff:83.15.77.122
Oct 3 00:22:03 MYSERVER_NAME sshd[5156]: Illegal user test from ::ffff:221.3.131.66
Oct 3 00:22:07 MYSERVER_NAME sshd[5164]: Illegal user guest from ::ffff:221.3.131.66
Oct 3 00:22:14 MYSERVER_NAME sshd[5172]: Illegal user admin from ::ffff:221.3.131.66
Oct 3 00:22:20 MYSERVER_NAME sshd[5176]: Illegal user admin from ::ffff:221.3.131.66
Oct 3 00:22:24 MYSERVER_NAME sshd[5180]: Illegal user user from ::ffff:221.3.131.66
Oct 3 00:22:44 MYSERVER_NAME sshd[5196]: Illegal user test from ::ffff:221.3.131.66
Oct 3 00:23:14 MYSERVER_NAME sshd[5200]: Illegal user test from ::ffff:221.3.131.66
Oct 3 00:23:20 MYSERVER_NAME sshd[5204]: Illegal user guest from ::ffff:221.3.131.66
Oct 3 04:36:28 MYSERVER_NAME sshd[8730]: Illegal user test from ::ffff:219.232.118.126
Oct 3 04:36:35 MYSERVER_NAME sshd[8735]: Illegal user guest from ::ffff:219.232.118.126
Oct 3 04:37:33 MYSERVER_NAME sshd[8753]: Illegal user test from ::ffff:219.232.118.126
Oct 3 04:37:37 MYSERVER_NAME sshd[8757]: Illegal user guest from ::ffff:219.232.118.126
Oct 3 04:37:40 MYSERVER_NAME sshd[8761]: Illegal user admin from ::ffff:219.232.118.126
Oct 3 04:37:43 MYSERVER_NAME sshd[8765]: Illegal user admin from ::ffff:219.232.118.126
Oct 3 04:37:47 MYSERVER_NAME sshd[8769]: Illegal user user from ::ffff:219.232.118.126
Oct 3 16:17:35 MYSERVER_NAME sshd[9303]: Illegal user dfen from ::ffff:192.168.50.201
Oct 3 17:19:37 MYSERVER_NAME sshd[11678]: Illegal user admin from ::ffff:218.38.215.234
Oct 3 17:19:39 MYSERVER_NAME sshd[11682]: Illegal user test from ::ffff:218.38.215.234
Oct 3 17:19:42 MYSERVER_NAME sshd[11686]: Illegal user guest from ::ffff:218.38.215.234
Oct 3 17:19:44 MYSERVER_NAME sshd[11693]: Illegal user webmaster from ::ffff:218.38.215.234
Oct 3 17:19:49 MYSERVER_NAME sshd[11701]: Illegal user oracle from ::ffff:218.38.215.234
Oct 3 17:19:51 MYSERVER_NAME sshd[11705]: Illegal user library from ::ffff:218.38.215.234
Oct 3 17:19:54 MYSERVER_NAME sshd[11709]: Illegal user info from ::ffff:218.38.215.234
Oct 3 17:19:56 MYSERVER_NAME sshd[11713]: Illegal user shell from ::ffff:218.38.215.234
Oct 3 18:10:48 MYSERVER_NAME sshd[12364]: Illegal user apple from ::ffff:200.142.84.36
Oct 3 18:10:55 MYSERVER_NAME sshd[12372]: Illegal user brian from ::ffff:200.142.84.36
Oct 3 18:11:02 MYSERVER_NAME sshd[12380]: Illegal user andrew from ::ffff:200.142.84.36
Oct 3 18:11:08 MYSERVER_NAME sshd[12388]: Illegal user newsroom from ::ffff:200.142.84.36
Oct 3 18:11:15 MYSERVER_NAME sshd[12396]: Illegal user magazine from ::ffff:200.142.84.36
Oct 3 18:11:21 MYSERVER_NAME sshd[12404]: Illegal user research from ::ffff:200.142.84.36
Oct 3 18:11:28 MYSERVER_NAME sshd[12412]: Illegal user cjohnson from ::ffff:200.142.84.36
Oct 4 00:48:49 MYSERVER_NAME sshd[16253]: Illegal user test from ::ffff:124.32.238.85
Oct 4 00:48:51 MYSERVER_NAME sshd[16257]: Illegal user test from ::ffff:124.32.238.85
Oct 4 00:48:53 MYSERVER_NAME sshd[16261]: Illegal user test from ::ffff:124.32.238.85
Oct 4 00:48:55 MYSERVER_NAME sshd[16265]: Illegal user test from ::ffff:124.32.238.85
Oct 4 00:48:57 MYSERVER_NAME sshd[16269]: Illegal user guest from ::ffff:124.32.238.85
Oct 4 00:49:01 MYSERVER_NAME sshd[16277]: Illegal user apache from ::ffff:124.32.238.85
Oct 4 00:49:03 MYSERVER_NAME sshd[16281]: Illegal user prova from ::ffff:124.32.238.85
Oct 4 00:49:04 MYSERVER_NAME sshd[16285]: Illegal user prueba from ::ffff:124.32.238.85
Oct 4 10:41:36 MYSERVER_NAME sshd[29515]: Illegal user test from ::ffff:210.51.191.211
Oct 4 10:41:38 MYSERVER_NAME sshd[29519]: Illegal user guest from ::ffff:210.51.191.211
Oct 4 10:41:40 MYSERVER_NAME sshd[29523]: Illegal user admin from ::ffff:210.51.191.211
Oct 4 10:41:42 MYSERVER_NAME sshd[29533]: Illegal user admin from ::ffff:210.51.191.211
Oct 4 10:41:44 MYSERVER_NAME sshd[29537]: Illegal user user from ::ffff:210.51.191.211
Oct 4 10:45:01 MYSERVER_NAME sshd[29647]: Illegal user test from ::ffff:210.51.191.211
Oct 4 10:45:03 MYSERVER_NAME sshd[29663]: Illegal user guest from ::ffff:210.51.191.211
Oct 4 10:45:05 MYSERVER_NAME sshd[29673]: Illegal user admin from ::ffff:210.51.191.211
Oct 4 11:12:02 MYSERVER_NAME sshd[31165]: Illegal user test from ::ffff:12.107.120.50
Oct 4 11:12:04 MYSERVER_NAME sshd[31169]: Illegal user guest from ::ffff:12.107.120.50
Oct 4 11:12:06 MYSERVER_NAME sshd[31174]: Illegal user admin from ::ffff:12.107.120.50
Oct 4 11:12:08 MYSERVER_NAME sshd[31182]: Illegal user admin from ::ffff:12.107.120.50
Oct 4 11:12:10 MYSERVER_NAME sshd[31187]: Illegal user user from ::ffff:12.107.120.50
Oct 4 11:15:58 MYSERVER_NAME sshd[31376]: Illegal user test from ::ffff:12.107.120.50
Oct 4 11:16:00 MYSERVER_NAME sshd[31380]: Illegal user guest from ::ffff:12.107.120.50
Oct 4 11:16:02 MYSERVER_NAME sshd[31384]: Illegal user admin from ::ffff:12.107.120.50
Oct 4 18:21:32 MYSERVER_NAME sshd[21973]: Illegal user brad from ::ffff:210.212.205.20
Oct 4 18:21:35 MYSERVER_NAME sshd[21977]: Illegal user brad from ::ffff:210.212.205.20
Oct 4 18:21:39 MYSERVER_NAME sshd[21982]: Illegal user bad from ::ffff:210.212.205.20
Oct 4 18:21:42 MYSERVER_NAME sshd[21995]: Illegal user carole from ::ffff:210.212.205.20
Oct 4 18:21:46 MYSERVER_NAME sshd[22003]: Illegal user carole from ::ffff:210.212.205.20
Oct 4 18:21:50 MYSERVER_NAME sshd[22007]: Illegal user carole from ::ffff:210.212.205.20
Oct 4 18:21:54 MYSERVER_NAME sshd[22011]: Illegal user philippe from ::ffff:210.212.205.20
Oct 4 18:22:01 MYSERVER_NAME sshd[22015]: Illegal user philippe from ::ffff:210.212.205.20
Oct 4 18:41:08 MYSERVER_NAME sshd[22242]: Illegal user test from ::ffff:61.129.109.96
Oct 4 18:41:12 MYSERVER_NAME sshd[22246]: Illegal user guest from ::ffff:61.129.109.96
Oct 4 18:41:15 MYSERVER_NAME sshd[22250]: Illegal user admin from ::ffff:61.129.109.96
Oct 4 18:41:18 MYSERVER_NAME sshd[22254]: Illegal user admin from ::ffff:61.129.109.96
Oct 4 18:41:22 MYSERVER_NAME sshd[22258]: Illegal user user from ::ffff:61.129.109.96
Oct 4 18:41:36 MYSERVER_NAME sshd[22274]: Illegal user test from ::ffff:61.129.109.96
Oct 4 21:55:32 MYSERVER_NAME sshd[24089]: Illegal user test from ::ffff:61.129.109.96
Oct 4 21:55:37 MYSERVER_NAME sshd[24093]: Illegal user guest from ::ffff:61.129.109.96
Oct 4 22:25:09 MYSERVER_NAME sshd[24402]: Illegal user apple from ::ffff:61.145.75.231
Oct 4 22:25:25 MYSERVER_NAME sshd[24425]: Illegal user brian from ::ffff:61.145.75.231
Oct 4 22:25:39 MYSERVER_NAME sshd[24433]: Illegal user andrew from ::ffff:61.145.75.231
Oct 4 22:42:23 MYSERVER_NAME sshd[24615]: Illegal user apple from ::ffff:61.145.75.231
Oct 4 22:42:30 MYSERVER_NAME sshd[24623]: Illegal user brian from ::ffff:61.145.75.231
Oct 4 22:42:37 MYSERVER_NAME sshd[24631]: Illegal user andrew from ::ffff:61.145.75.231
Oct 4 22:42:43 MYSERVER_NAME sshd[24639]: Illegal user newsroom from ::ffff:61.145.75.231
Oct 5 03:30:25 MYSERVER_NAME sshd[28754]: Illegal user test from ::ffff:211.223.193.201
Oct 5 03:30:28 MYSERVER_NAME sshd[28758]: Illegal user guest from ::ffff:211.223.193.201
Oct 5 03:30:30 MYSERVER_NAME sshd[28762]: Illegal user admin from ::ffff:211.223.193.201
Oct 5 03:30:33 MYSERVER_NAME sshd[28766]: Illegal user admin from ::ffff:211.223.193.201
Oct 5 03:30:36 MYSERVER_NAME sshd[28770]: Illegal user user from ::ffff:211.223.193.201
Oct 5 03:30:47 MYSERVER_NAME sshd[28786]: Illegal user test from ::ffff:211.223.193.201
Oct 5 03:31:23 MYSERVER_NAME sshd[28790]: Illegal user test from ::ffff:211.223.193.201
Oct 5 03:31:26 MYSERVER_NAME sshd[28794]: Illegal user guest from ::ffff:211.223.193.201
no, not possible
IP spoofing can be used for denial of service attacks or network scanning; it cannot be used for a long conversation, as is needed to set up (even a failed) SSH authentication.
This is a topic well addressed on the web; a search for "ip spoofing" on Google is a good start.
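To look at the auth.log extract in the question from the defender's side, the following added example (not part of the original posts and not code from blockhosts.py) counts "Illegal user" failures per source address and groups sources that tried the identical username sequence. The log lines are constructed in the same format with documentation-range addresses, and the function names and the threshold value are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the auth.log extract above; the
# addresses are documentation ranges, not taken from the original log.
SAMPLE_LOG = """\
Oct 1 08:07:35 host sshd[10831]: Illegal user staff from ::ffff:192.0.2.10
Oct 1 08:07:39 host sshd[10835]: Illegal user sales from ::ffff:192.0.2.10
Oct 1 08:07:43 host sshd[10839]: Illegal user recruit from ::ffff:192.0.2.10
Oct 1 08:07:47 host sshd[10843]: Illegal user alias from ::ffff:192.0.2.10
Oct 1 08:10:00 host sshd[10900]: Accepted publickey for alice from 192.0.2.99 port 50000 ssh2
Oct 1 08:38:22 host sshd[11167]: Illegal user staff from ::ffff:198.51.100.20
Oct 1 08:38:25 host sshd[11172]: Illegal user sales from ::ffff:198.51.100.20
Oct 1 08:38:28 host sshd[11176]: Illegal user recruit from ::ffff:198.51.100.20
Oct 1 08:38:31 host sshd[11180]: Illegal user alias from ::ffff:198.51.100.20
Oct 1 21:40:20 host sshd[18994]: Illegal user sifak from ::ffff:203.0.113.30
Oct 1 21:40:26 host sshd[19004]: Illegal user slasher from ::ffff:203.0.113.30
Oct 1 22:05:14 host sshd[19297]: Illegal user sifak from ::ffff:203.0.113.40
Oct 1 22:05:23 host sshd[19301]: Illegal user slasher from ::ffff:203.0.113.40
"""

# The optional "::ffff:" prefix is the IPv4-mapped IPv6 form seen in the extract.
LINE_RE = re.compile(
    r"sshd\[\d+\]: Illegal user (?P<user>\S+) from (?:::ffff:)?(?P<ip>[0-9.]+)\s*$"
)


def parse_failures(text):
    """Return [(ip, user), ...] for every 'Illegal user' line, in log order."""
    failures = []
    for line in text.splitlines():
        match = LINE_RE.search(line)
        if match:
            failures.append((match.group("ip"), match.group("user")))
    return failures


def hosts_over_threshold(failures, threshold):
    """Per-address counting: addresses with at least `threshold` failures."""
    counts = defaultdict(int)
    for ip, _user in failures:
        counts[ip] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


def shared_wordlists(failures, min_hosts=2):
    """Group addresses that tried exactly the same username sequence."""
    per_ip = defaultdict(list)
    for ip, user in failures:
        per_ip[ip].append(user)
    groups = defaultdict(list)
    for ip, users in per_ip.items():
        groups[tuple(users)].append(ip)
    return {u: sorted(ips) for u, ips in groups.items() if len(ips) >= min_hosts}


if __name__ == "__main__":
    found = parse_failures(SAMPLE_LOG)
    # threshold=4 is an assumed value for the sample, not a BlockHosts default.
    print("over threshold:", hosts_over_threshold(found, threshold=4))
    for users, ips in shared_wordlists(found).items():
        print("same list", list(users), "from", ips)
```

Sources that stop after two attempts stay under a per-address threshold, which is why the second grouping is useful when reading a log like the one above.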
One possibility for a scenario with spoofed IP addresses
There is IMHO one possibility to run into trouble with spoofed IP addresses. The default blocking for the hosts.allow file is to block all services (ALL) for each IP address that runs into blockhosts.
-------------blockhosts.cfg------------
BLOCK_SERVICES = "ALL"
------------/blockhosts.cfg------------
Now if an attacker has spied on your environment and is informed about your public IP addresses, like your nameservers or mailservers or webservers or something else hosted by your provider for example, he is able to spoof these addresses, well knowing that he is blocking the communication between you and your own communication partners on ANY service (ALL).
The better way is IMHO that you configure your blockhosts script to block only the service for which you built your blockhosts environment.
BLOCK_SERVICES="vsftpd" (for example)
Bye Tom