Restrict SSH access to whitelist IP – what is stopping someone pretending to be from my IP?

user3231690 asked:

I know I can whitelist a client IP for connecting to SSH on server and then Deny All other IPs. However, seeing as how the packet arriving at the server network interface must include the IP, what is stopping someone just pretending to be the whitelisted IP?

My answer:


The fact that they won’t receive the reply and thus can’t complete the three-way handshake.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.