[Bug 214980] blacklistd and sshd incorrect counting of failed login attempts
bugzilla-noreply at freebsd.org
Thu Dec 1 14:10:01 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214980
Bug ID: 214980
Summary: blacklistd and sshd incorrect counting of failed login attempts
Product: Base System
Version: 11.0-STABLE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: azhegalov at gmail.com
CC: freebsd-amd64 at FreeBSD.org
Created attachment 177576
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=177576&action=edit
some output from ssh, blacklistd and blacklistctl
Every single failed ssh login attempt generates several counts in blacklistd.db.
After two attempts
ssh -b 10.10.0.1 test@192.168.4.75
Password for test@192.168.4.75:
Password for test@192.168.4.75:
I got:
blacklistctl dump -a
address/ma:port id nfail last access
10.10.0.1/32:22 OK 6/5 2016/12/01 16:55:48
And the /usr/libexec/blacklistd-helper script does not check whether the ipfw rule
already exists before adding it. It generates excess rules like:
ipfw show
02022 27 2244 deny tcp from table(port22) to any dst-port 22
02022 0 0 deny tcp from table(port22) to any dst-port 22 <-----
02022 0 0 deny tcp from table(port22) to any dst-port 22 <-----
02022 0 0 deny tcp from table(port22) to any dst-port 22 <-----
65535 799979 77763414 allow ip from any to any
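The second half of the report is that blacklistd-helper adds the same ipfw rule again on every call, so rule 02022 piles up. Below is an added example (not the FreeBSD blacklistd-helper script and not part of the bug report) of the check a helper would need: parse `ipfw show` output, count rules that have the same number and an identical body, and only call `ipfw add` when none is present. The `ipfw show` listing is a constructed sample shaped like the one in the report, and the `IPFW` variable is an assumption of this example so the logic can be exercised without root or a real ipfw.

```shell
#!/bin/sh
# Added example (not the FreeBSD blacklistd-helper script): helpers that make
# adding an ipfw rule idempotent by checking `ipfw show` for an identical
# rule body under the same rule number before adding it.

# Constructed sample of `ipfw show` output, shaped like the bug report's
# listing, with one duplicate of the port-22 deny rule.
SAMPLE_IPFW_SHOW='02022 27 2244 deny tcp from table(port22) to any dst-port 22
02022 0 0 deny tcp from table(port22) to any dst-port 22
65535 799979 77763414 allow ip from any to any'

# count_rule RULENUM RULEBODY   (ipfw listing on stdin)
# Prints how many rules in the listing have that number and exactly that body.
# `ipfw show` lines look like: <number> <packets> <bytes> <rule body>.
# The numeric compare lets "2022" match the zero-padded "02022" column.
count_rule() {
    awk -v n="$1" -v b="$2" '
        $1 + 0 == n + 0 {
            body = $0
            sub(/^[0-9]+[ \t]+[0-9]+[ \t]+[0-9]+[ \t]+/, "", body)
            if (body == b) count++
        }
        END { print count + 0 }'
}

# rule_present RULENUM RULEBODY   (ipfw listing on stdin)
# Exit status 0 if at least one matching rule exists, 1 otherwise.
rule_present() {
    [ "$(count_rule "$1" "$2")" -gt 0 ]
}

# add_rule_once RULENUM RULEBODY
# Adds the rule only if `ipfw show` does not already list it. Prints "added"
# or "exists" so the caller (or a log line) can tell which path was taken.
# IPFW is overridable (assumption of this example) so the logic can be tested
# without root or a real ipfw binary.
IPFW=${IPFW:-ipfw}
add_rule_once() {
    if $IPFW show | rule_present "$1" "$2"; then
        echo exists
    else
        # $2 is deliberately unquoted: the rule body must be split into
        # separate ipfw arguments.
        $IPFW add "$1" $2 >/dev/null && echo added
    fi
}

# Stand-alone demonstration against the constructed listing (no ipfw needed):
# how many copies of the port-22 deny rule does the sample contain?
count_port22_dups() {
    printf '%s\n' "$SAMPLE_IPFW_SHOW" |
        count_rule 2022 "deny tcp from table(port22) to any dst-port 22"
}

count_port22_dups
```

Run on a real host, `count_rule` fed from `ipfw show` tells you immediately whether a helper has been stacking duplicates (anything above 1 for a given number and body is the symptom in the report), and `add_rule_once` is the shape of the guard that prevents it.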