Bug#332231: Bug#333350: ipt_recent kernel module suffers from jiffies rollover

[Horms <horms@debian.org>]

On Tue, Oct 11, 2005 at 03:46:03PM +0200, Rainer Schöpf wrote:
> Package: kernel-image-2.6.8-2-686-smp
> Version: 2.6.8-16
> Severity: serious
> 
> The ipt_recnet kernel module suffers from a wraparound of the jiffies
> counter. The problem is described by the module author on
> 
>   http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/
> 
> Since the correrction didn't make it into the official kernel sources,
> I would be very grateful if the debian kernels could pick up the change.

Unfortunately the patch didn't make it upstream because it is not correct.

This bug (333350) is actually a duplicate of 332231. I am forwarding your
informtion to that bug and closing this one.

Thanks

> For reference:
> 
> I use the ipt_recent kernel module to protect against ssh attacks,
> with the following rules:
> 
> iptables -A dante_in -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource
> iptables -A dante_in -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --rsource -j ULOG --ulog-prefix "DROP SSH_brute_force:" --ulog-cprange 64
> iptables -A dante_in -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --rsource -j DROP
> 
> After several weeks, ssh logins fail if they come from an IP address not
> yet known to the ipt_recent module.  Reboot helps.
> 
>  Rainer Schoepf

-- 
Horms