Hi,

it seems there is a bug in pfctl regarding the cleared time of a table
entry. The attack actually happened this year, but the date shown is
constantly changing:

# pfctl -t bruteforce -vT show
   81.38.199.134
        Cleared:     Sun Apr 12 18:24:16 2009
   88.183.20.179
        Cleared:     Sun Apr 12 18:24:16 2009
   210.51.48.71
        Cleared:     Sun Apr 12 18:24:16 2009
# pfctl -t bruteforce -vT show
   81.38.199.134
        Cleared:     Sun Apr 12 18:24:16 2009
   88.183.20.179
        Cleared:     Sun Apr 12 18:24:16 2009
   210.51.48.71
        Cleared:     Sun Apr 12 18:24:16 2009
# pfctl -t bruteforce -vT show
   81.38.199.134
        Cleared:     Mon Apr 13 03:30:24 2009
   88.183.20.179
        Cleared:     Mon Apr 13 03:30:24 2009
   210.51.48.71
        Cleared:     Mon Apr 13 03:30:24 2009
# pfctl -t bruteforce -vT show
   81.38.199.134
        Cleared:     Sun Jul  6 11:53:04 1986
   88.183.20.179
        Cleared:     Sun Jul  6 11:53:04 1986
   210.51.48.71
        Cleared:     Sun Jul  6 11:53:04 1986


# grep 81.38.199.134 /var/log/authlog
Jan 20 12:42:17 warden sshd[12934]: Did not receive identification string from 81.38.199.134
Jan 20 12:42:21 warden sshd[13182]: Failed password for root from 81.38.199.134 port 21471 ssh2
Jan 20 12:42:21 warden sshd[30963]: Received disconnect from 81.38.199.134: 11: Goodbye
Jan 20 12:42:25 warden sshd[25143]: Failed password for root from 81.38.199.134 port 21590 ssh2
Jan 20 12:42:25 warden sshd[10472]: Received disconnect from 81.38.199.134: 11: Goodbye
Jan 20 12:42:32 warden sshd[18071]: Failed password for root from 81.38.199.134 port 21689 ssh2
Jan 20 12:42:32 warden sshd[22432]: Received disconnect from 81.38.199.134: 11: Goodbye
Jan 20 12:42:36 warden sshd[6172]: Failed password for root from 81.38.199.134 port 21883 ssh2
Jan 20 12:42:36 warden sshd[18517]: Received disconnect from 81.38.199.134: 11: Goodbye
Jan 20 12:42:40 warden sshd[4324]: Failed password for root from 81.38.199.134 port 21999 ssh2
Jan 20 12:42:42 warden sshd[29797]: Received disconnect from 81.38.199.134: 11: Goodbye
Jan 20 12:42:49 warden sshd[21681]: Failed password for root from 81.38.199.134 port 22104 ssh2
Jan 20 12:42:50 warden sshd[11246]: Received disconnect from 81.38.199.134: 11: Goodbye
Jan 20 12:42:56 warden sshd[14492]: Failed password for root from 81.38.199.134 port 22351 ssh2
Jan 20 12:42:57 warden sshd[20990]: Received disconnect from 81.38.199.134: 11: Goodbye
Jan 20 12:43:00 warden sshd[13399]: Failed password for root from 81.38.199.134 port 22545 ssh2
Jan 20 12:43:03 warden sshd[16824]: Received disconnect from 81.38.199.134: 11: Goodbye
Jan 20 12:43:07 warden sshd[29615]: Failed password for root from 81.38.199.134 port 22652 ssh2
Jan 20 12:43:08 warden sshd[32628]: Received disconnect from 81.38.199.134: 11: Goodbye


# dmesg
http://openbsd.lechtermann.net/pub/misc/dmesg.SUNv440
