https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214980

            Bug ID: 214980
           Summary: blacklistd and sshd incorrect counting of failed login
                    attempts
           Product: Base System
           Version: 11.0-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: azhega...@gmail.com
                CC: freebsd-am...@freebsd.org

Created attachment 177576
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=177576&action=edit
some output from ssh, blacklistd and blacklistctl

Every single failed ssh login attempt generates several counts in blacklistd.db.

After two attempts

ssh -b 10.10.0.1 test@192.168.4.75
Password for test@192.168.4.75:
Password for test@192.168.4.75:

I got:
blacklistctl dump -a
        address/ma:port id      nfail   last access
      10.10.0.1/32:22   OK      6/5     2016/12/01 16:55:48


And the /usr/libexec/blacklistd-helper script does not check whether the ipfw rule
already exists before adding it. It generates excess rules like:

ipfw show
02022     27     2244 deny tcp from table(port22) to any dst-port 22
02022      0        0 deny tcp from table(port22) to any dst-port 22 <-----
02022      0        0 deny tcp from table(port22) to any dst-port 22 <-----
02022      0        0 deny tcp from table(port22) to any dst-port 22 <-----
65535 799979 77763414 allow ip from any to any
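An idempotent version of the helper's "add rule" step, added here as an illustration and not the code of /usr/libexec/blacklistd-helper: it consults `ipfw show` for an identical deny rule before adding one, which is the check whose absence produces the duplicate 02022 rules listed above. The rule number, table name and port are hypothetical parameters, and `fake_ipfw` is a constructed stand-in for ipfw so the logic can run on a machine without ipfw and without touching a real firewall (set IPFW=ipfw to use the real command).

```shell
#!/bin/sh
# Added example, not the code of /usr/libexec/blacklistd-helper:
# add an ipfw deny rule only if an identical rule is not already present.
# Rule number, table name and port are hypothetical parameters.

# Command used to talk to the firewall. Defaults to the constructed stand-in
# below so the script runs without touching a real firewall; set IPFW=ipfw
# to use the real command.
IPFW=${IPFW:-fake_ipfw}

# Return 0 if "ipfw show" already lists a deny rule with this rule number,
# table and destination port, 1 otherwise.
ipfw_rule_exists() {
    rule_no=$1; table=$2; port=$3
    $IPFW show 2>/dev/null |
        grep -q -E "^0*${rule_no} .* deny tcp from table\\(${table}\\) to any dst-port ${port}\$"
}

# Add the deny rule unless it already exists (idempotent add).
ipfw_add_deny_rule() {
    rule_no=$1; table=$2; port=$3
    if ipfw_rule_exists "$rule_no" "$table" "$port"; then
        return 0
    fi
    $IPFW add "$rule_no" deny tcp from "table($table)" to any dst-port "$port"
}

# Constructed stand-in for ipfw: keeps rules in a file, one per line, in the
# "rule packets bytes action" layout that "ipfw show" prints.
FAKE_RULES=${FAKE_RULES:-$(mktemp)}
fake_ipfw() {
    case "$1" in
        show)
            cat "$FAKE_RULES" ;;
        add)
            shift; n=$1; shift
            printf '%05d %8d %8d %s\n' "$n" 0 0 "$*" >> "$FAKE_RULES" ;;
        *)
            echo "fake_ipfw: unsupported: $*" >&2; return 1 ;;
    esac
}

# Number of rules currently held by the stand-in (used by the demo below).
fake_rule_count() {
    wc -l < "$FAKE_RULES" | tr -d ' '
}

# Demo: three attempts to add the same rule leave exactly one rule behind.
if [ "$IPFW" = fake_ipfw ]; then
    : > "$FAKE_RULES"
    ipfw_add_deny_rule 2022 port22 22
    ipfw_add_deny_rule 2022 port22 22
    ipfw_add_deny_rule 2022 port22 22
    fake_ipfw show
    echo "rules: $(fake_rule_count)"
fi
```

The match is deliberately strict (rule number, action, table and port all have to agree), so a rule with the same number but a different body is still added; loosening it to the rule number alone would hide a misconfigured rule instead of reporting it.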
