On Tue, Oct 11, 2005 at 03:46:03PM +0200, Rainer Schöpf wrote:
> Package: kernel-image-2.6.8-2-686-smp
> Version: 2.6.8-16
> Severity: serious
>
> The ipt_recent kernel module suffers from a wraparound of the jiffies
> counter. The problem is described by the module author on
>
> http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/
>
> Since the correction didn't make it into the official kernel sources,
> I would be very grateful if the debian kernels could pick up the change.
Unfortunately the patch didn't make it upstream because it is not correct.
This bug (333350) is actually a duplicate of 332231. I am forwarding your
information to that bug and closing this one.

Thanks

> For reference:
>
> I use the ipt_recent kernel module to protect against ssh attacks,
> with the following rules:
>
> iptables -A dante_in -p tcp -m tcp --dport 22 -m state --state NEW -m recent \
>     --set --name SSH --rsource
> iptables -A dante_in -p tcp -m tcp --dport 22 -m state --state NEW -m recent \
>     --update --seconds 60 --hitcount 4 --rttl --name SSH --rsource -j ULOG \
>     --ulog-prefix "DROP SSH_brute_force:" --ulog-cprange 64
> iptables -A dante_in -p tcp -m tcp --dport 22 -m state --state NEW -m recent \
>     --update --seconds 60 --hitcount 4 --rttl --name SSH --rsource -j DROP
>
> After several weeks, ssh logins fail if they come from an IP address not
> yet known to the ipt_recent module. Reboot helps.
>
> Rainer Schoepf

-- 
Horms
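The failure mode discussed in this thread is a tick counter that wraps around. On a 32-bit kernel with HZ=1000, jiffies wraps every 2^32 ms, roughly 49.7 days, which is the "after several weeks" time scale of the report. The example below is added here to illustrate the general point; it is not code from ipt_recent, from the blog post, or from either patch under discussion, and it does not claim to reproduce the exact defect in the module. It simulates a `recent`-style table of per-source timestamps with a `--seconds 60 --hitcount 4` window and compares a naive absolute comparison (`now >= last + window`) against the subtract-then-sign-test idiom that the kernel's `time_after()` family uses. The `recent_entry` structure, the `HZ` value and the constructed timestamps are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* 32-bit tick counter, like `unsigned long jiffies` on an i386 kernel.
 * HZ=1000 is an assumption for the example; the reasoning holds for any HZ. */
typedef uint32_t jiffies_t;
#define HZ 1000u

/* Naive "has last_seen + window passed?" test written as an absolute
 * comparison. It is wrong whenever `now` has wrapped past 2^32 while
 * `last_seen + window` has not (or the other way round). */
bool window_elapsed_naive(jiffies_t now, jiffies_t last_seen, jiffies_t window)
{
    return now >= last_seen + window;
}

/* Wrap-safe version, same idea as the kernel's time_after_eq(): subtract
 * first, then read the difference as signed. Correct as long as the two
 * instants are less than 2^31 ticks apart (~24.8 days at HZ=1000). */
bool window_elapsed_safe(jiffies_t now, jiffies_t last_seen, jiffies_t window)
{
    return (int32_t)(now - (last_seen + window)) >= 0;
}

/* Hypothetical stand-in for one source address in a `recent` table:
 * the last MAX_STAMPS hit timestamps, oldest first. */
#define MAX_STAMPS 4
struct recent_entry {
    jiffies_t stamps[MAX_STAMPS];
    int nstamps;
};

/* Count the recorded hits that still fall inside the last `seconds` seconds,
 * using the supplied comparison. This is what a `--seconds N --hitcount M`
 * rule has to compute before deciding to match. */
int hits_in_window(const struct recent_entry *e, jiffies_t now, unsigned seconds,
                   bool (*elapsed)(jiffies_t, jiffies_t, jiffies_t))
{
    int hits = 0;
    for (int i = 0; i < e->nstamps; i++)
        if (!elapsed(now, e->stamps[i], seconds * HZ))
            hits++;
    return hits;
}

/* Constructed scenario: the counter wrapped 2048 ticks ago. Three hits in
 * the last few seconds plus one stale hit from 67.5 s ago, on the far side
 * of the wrap. Returns the hit count the chosen comparison reports. */
int demo_hits(bool naive)
{
    jiffies_t now = 0x00000800u;
    struct recent_entry e = {
        .stamps = { 0xFFFF0000u, now - 3 * HZ, now - 2 * HZ, now - 1 * HZ },
        .nstamps = 4,
    };
    return hits_in_window(&e, now, 60,
                          naive ? window_elapsed_naive : window_elapsed_safe);
}

int main(void)
{
    printf("naive comparison counts %d hits in the 60 s window\n", demo_hits(true));
    printf("wrap-safe comparison counts %d hits in the 60 s window\n", demo_hits(false));
    return 0;
}
```

With a `--hitcount 4` rule, the naive count of 4 would match and drop the connection even though only three hits are really inside the window; the wrap-safe count of 3 does not. The safe form is also cheaper to reason about in review: the only precondition is that the two instants are less than half the counter range apart, which any timeout expressed in seconds satisfies by a wide margin.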