Bug#333350: ipt_recent kernel module suffers from jiffies rollover
Package: kernel-image-2.6.8-2-686-smp
Version: 2.6.8-16
Severity: serious
The ipt_recent kernel module suffers from a wraparound of the jiffies
counter. The problem is described by the module author on
http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/
Since the correction didn't make it into the official kernel sources,
I would be very grateful if the Debian kernels could pick up the change.
For reference:
I use the ipt_recent kernel module to protect against ssh attacks,
with the following rules:
iptables -A dante_in -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource
iptables -A dante_in -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --rsource -j ULOG --ulog-prefix "DROP SSH_brute_force:" --ulog-cprange 64
iptables -A dante_in -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --rsource -j DROP
After several weeks, ssh logins fail if they come from an IP address not
yet known to the ipt_recent module. Reboot helps.
Rainer Schoepf
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)
Versions of packages kernel-image-2.6.8-2-686-smp depends on:
ii coreutils [fileutils] 5.2.1-2 The GNU core utilities
ii fileutils 5.2.1-2 The GNU file management utilities
ii initrd-tools 0.1.81.1 tools to create initrd image for p
ii module-init-tools 3.2-pre1-2 tools for managing Linux kernel mo
-- no debconf information
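The failure mode the report describes, as an added C example that is not the ipt_recent module's code and not the fix from the linked blog post: a 32-bit tick counter like jiffies wraps to zero after 2^32 ticks, and a "was this address seen within the last N seconds" test written as a plain unsigned comparison gives wrong answers on either side of the wrap, while a comparison done the way the kernel's time_after()/time_before() macros do it (reinterpret the unsigned difference as signed) stays correct. The tick rate (HZ_MODEL = 1000), the naive comparison form, and the 60-second / 4-hit window taken from the iptables rules above are assumptions for illustration, not a description of what ipt_recent in 2.6.8 actually computed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model of a 32-bit kernel tick counter (jiffies on i386).  HZ_MODEL = 1000
 * is an assumption for the arithmetic below, not a statement about the
 * Debian 2.6.8 kernel's configuration. */
#define HZ_MODEL 1000u
#define WRAP     UINT32_MAX
typedef uint32_t jiffies_t;

/* Same trick as the kernel's time_after()/time_before(): reinterpret the
 * unsigned difference as signed, so the comparison is correct across the
 * 2^32 wrap as long as the two values are less than 2^31 ticks apart
 * (about 24.8 days at HZ=1000). */
#define model_time_after(a, b)  ((int32_t)((b) - (a)) < 0)
#define model_time_before(a, b) model_time_after(b, a)

/* Wrap-unsafe form: "stamp still lies inside the last `seconds`" as a plain
 * unsigned comparison.  Illustrative only; not the module's actual code. */
static bool within_window_naive(jiffies_t now, jiffies_t stamp, uint32_t seconds)
{
    return now < stamp + seconds * HZ_MODEL;
}

/* Wrap-safe form of the same test. */
static bool within_window_safe(jiffies_t now, jiffies_t stamp, uint32_t seconds)
{
    jiffies_t window_end = stamp + seconds * HZ_MODEL;  /* may wrap; that is fine */
    return !model_time_after(now, window_end);
}

/* Count stored timestamps inside the window, the way a
 * "--seconds N --hitcount M" style check would. */
static unsigned count_recent_hits(const jiffies_t *stamps, size_t n,
                                  jiffies_t now, uint32_t seconds)
{
    unsigned hits = 0;
    for (size_t i = 0; i < n; i++)
        if (within_window_safe(now, stamps[i], seconds))
            hits++;
    return hits;
}

/* --seconds 60 --hitcount 4: match when at least 4 hits in the last 60 s. */
static bool recent_match(const jiffies_t *stamps, size_t n, jiffies_t now)
{
    return count_recent_hits(stamps, n, now, 60) >= 4;
}

int main(void)
{
    /* Constructed cases: two without a wrap, one where `now` has wrapped but
     * stamp + window has not (stale entry looks fresh), one where stamp + window
     * wrapped but `now` has not (fresh entry looks stale). */
    struct { const char *name; jiffies_t now, stamp; bool expect; } cases[] = {
        { "no wrap, 30 s old",            1030000u,      1000000u,      true  },
        { "no wrap, 100 s old",           1100000u,      1000000u,      false },
        { "now wrapped, 120 s old",       20000u,        WRAP - 100000u, false },
        { "window end wrapped, 5 s old",  WRAP - 5000u,  WRAP - 10000u, true  },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        bool naive = within_window_naive(cases[i].now, cases[i].stamp, 60);
        bool safe  = within_window_safe(cases[i].now, cases[i].stamp, 60);
        printf("%-30s naive=%d safe=%d expected=%d%s\n", cases[i].name,
               naive, safe, cases[i].expect,
               naive != cases[i].expect ? "  <-- naive wrong" : "");
    }

    /* Four SYNs 10 s apart that straddle the wrap still count as one burst. */
    jiffies_t burst[] = { WRAP - 25000u, WRAP - 15000u, WRAP - 5000u, 5000u };
    printf("burst across wrap matches: %d\n", recent_match(burst, 4, 6000u));
    return 0;
}
```

The signed-difference comparison is only valid while the two timestamps are less than 2^31 ticks apart, so a table entry that is never touched again for more than about 24.8 days (at HZ=1000) still needs explicit expiry rather than relying on the comparison alone; that is the caveat to keep in mind when reviewing any timestamp check in a netfilter match module.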