I am running a Debian wheezy server with fail2ban installed, everything works as expected but recently my own server got banned. I added the server's IP in the exception row and it seems to work, but here the question..
Is it possible that someone simulates/spoofs the server's IP to do a brute force attack ? If so, how can that be detected ?