Your message dated Tue, 6 Nov 2007 13:31:52 -0500
with message-id <[email protected]>
has caused the Debian Bug report #449465,
regarding fail2ban misses repeated ssh cracking attempt
to be marked as having been forwarded to the upstream software
author(s) Cyril Jaquier <[email protected]>.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
: Bug#449465: fail2ban misses repeated ssh cracking attempt]
Tue, 6 Nov 2007 13:31:52 -0500
please see below
----- Forwarded message from Ross Boylan <[email protected]> -----
Date: Mon, 05 Nov 2007 13:47:11 -0800
From: Ross Boylan <[email protected]>
To: Debian Bug Tracking System <[email protected]>
Subject: Bug#449465: fail2ban misses repeated ssh cracking attempt
X-CRM114-Status: Good ( pR: 27.3759 )
Might warrant higher severity if my analysis is correct and the
problem is general. However, it only arises when clocks change.
On Nov 4 my logs show the same rhost attempting to login via ssh every
3 seconds from 01:44:30 through 02:00:09. At that point, fail2ban's
log shows it blocked the offending IP.
In my timezone, clocks moved back an hour on Nov 4 02:00.
I strongly suspect that fail2ban is using the nominal time to
determine when it should wake up. So, the first time the clock moved
from 1am to 2am, it recorded that it should wake up shortly after 2am.
This meant it went to sleep for an hour, from the second 01:00 to
It's possible there might be issues when clocks move forward as well.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing'), (990, 'stable'), (50, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages fail2ban depends on:
ii iptables 22.214.171.124debian1-1 administration tools for packet fi
ii lsb-base 3.1-24 Linux Standard Base 3.1 init scrip
ii python 2.4.4-6 An interactive high-level object-o
ii python-central 0.5.15 register and build utility for Pyt
fail2ban recommends no packages.
-- no debconf information
----- End forwarded message -----
Research Assistant, Psychology Department, Rutgers-Newark
Student Ph.D. @ CS Dept. NJIT
Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171
101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102
--- End Message ---