Package: kernel-image-2.6.8-2-686-smp
Version: 2.6.8-16
Severity: serious

The ipt_recent kernel module suffers from a wraparound of the jiffies
counter. The problem is described by the module author on

http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/

Since the correction didn't make it into the official kernel sources, I
would be very grateful if the Debian kernels could pick up the change.

For reference: I use the ipt_recent kernel module to protect against ssh
attacks, with the following rules:

iptables -A dante_in -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource
iptables -A dante_in -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --rsource -j ULOG --ulog-prefix "DROP SSH_brute_force:" --ulog-cprange 64
iptables -A dante_in -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --rsource -j DROP

After several weeks, ssh logins fail if they come from an IP address not
yet known to the ipt_recent module. Reboot helps.

Rainer Schoepf

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)

Versions of packages kernel-image-2.6.8-2-686-smp depends on:
ii  coreutils [fileutils]  5.2.1-2     The GNU core utilities
ii  fileutils              5.2.1-2     The GNU file management utilities
ii  initrd-tools           0.1.81.1    tools to create initrd image for p
ii  module-init-tools      3.2-pre1-2  tools for managing Linux kernel mo

-- no debconf information
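Added illustration, not part of the original report and not the ipt_recent source or the fix from the linked post: one way a wrapping 32-bit tick counter can make a `--seconds 60 --hitcount 4` window check match a brand-new address. The `entry` record, `SLOTS`, the `HZ` value and all function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

#define HZ       1000u        /* assumed tick rate (ticks per second) */
#define WINDOW   (60u * HZ)   /* --seconds 60 from the rules above */
#define HITCOUNT 4            /* --hitcount 4 from the rules above */
#define SLOTS    8            /* hypothetical history size per address */

struct entry {                /* hypothetical per-source-address record */
    uint32_t stamp[SLOTS];    /* tick value of each remembered packet */
    int used;                 /* number of slots that hold a real packet */
};

/* Fragile: signed-difference comparison over every slot. It is only valid
 * for ticks less than 2^31 apart, so a zeroed, never-written slot looks
 * "recent" once the counter is far enough away from 0. */
static int hits_fragile(const struct entry *e, uint32_t now)
{
    int hits = 0;
    for (int i = 0; i < SLOTS; i++)
        if ((int32_t)(e->stamp[i] - (now - WINDOW)) >= 0)
            hits++;
    return hits;
}

/* Hardened: look only at slots that were written, and measure age as an
 * unsigned difference, which stays correct when `now` wraps past 0. */
static int hits_hardened(const struct entry *e, uint32_t now)
{
    int hits = 0;
    for (int i = 0; i < e->used; i++)
        if ((uint32_t)(now - e->stamp[i]) <= WINDOW)
            hits++;
    return hits;
}

static int would_drop(int hits) { return hits >= HITCOUNT; }

int main(void)
{
    /* Constructed sample: first packet from a new address at tick
     * 0x90000000, about 28 days after the counter was at 0 with HZ=1000. */
    struct entry e = { { 0x90000000u }, 1 };
    uint32_t now = 0x90000000u;
    int f = hits_fragile(&e, now), h = hits_hardened(&e, now);
    printf("fragile:  %d hits, drop=%d\n", f, would_drop(f));
    printf("hardened: %d hits, drop=%d\n", h, would_drop(h));
    return 0;
}
```

Even the hardened check aliases an entry that has gone untouched for a full 2^32 ticks, so stale records still need to be expired separately.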