[email protected]
[Top] [All Lists]

Bug#449465: marked as forwarded (fail2ban misses repeated ssh cracking a

Subject: Bug#449465: marked as forwarded fail2ban misses repeated ssh cracking attempt
From: Debian Bug Tracking System
Date: Tue, 06 Nov 2007 18:33:09 +0000
Your message dated Tue, 6 Nov 2007 13:31:52 -0500
with message-id <[email protected]>
has caused the Debian Bug report #449465,
regarding fail2ban misses repeated ssh cracking attempt
to be marked as having been forwarded to the upstream software
author(s) Cyril Jaquier <[email protected]>.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Subject: : Bug#449465: fail2ban misses repeated ssh cracking attempt]
From: Yaroslav Halchenko
Date: Tue, 6 Nov 2007 13:31:52 -0500
please see below

----- Forwarded message from Ross Boylan <[email protected]> -----

Date: Mon, 05 Nov 2007 13:47:11 -0800
From: Ross Boylan <[email protected]>
To: Debian Bug Tracking System <[email protected]>
Subject: Bug#449465: fail2ban misses repeated ssh cracking attempt
X-CRM114-Status: Good  ( pR: 27.3759 )

Package: fail2ban
Version: 0.8.1-2
Severity: normal

Might warrant higher severity if my analysis is correct and the
problem is general.  However, it only arises when clocks change.

On Nov 4 my logs show the same rhost attempting to login via ssh every
3 seconds from 01:44:30 through 02:00:09.  At that point, fail2ban's
log shows it blocked the offending IP.

In my timezone, clocks moved back an hour on Nov 4 02:00.

I strongly suspect that fail2ban is using the nominal time to
determine when it should wake up.  So, the first time the clock moved
from 1am to 2am, it recorded that it should wake up shortly after 2am.
This meant it went to sleep for an hour, from the second 01:00 to

It's possible there might be issues when clocks move forward as well.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (990, 'stable'), (50, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages fail2ban depends on:
ii  iptables       administration tools for packet fi
ii  lsb-base                3.1-24           Linux Standard Base 3.1 init scrip
ii  python                  2.4.4-6          An interactive high-level object-o
ii  python-central          0.5.15           register and build utility for Pyt

fail2ban recommends no packages.

-- no debconf information

----- End forwarded message -----

Yaroslav Halchenko
Research Assistant, Psychology Department, Rutgers-Newark
Student  Ph.D. @ CS Dept. NJIT
Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171
        101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102
WWW:     http://www.linkedin.com/in/yarik        

--- End Message ---
<Prev in Thread] Current Thread [Next in Thread>
  • Bug#449465: marked as forwarded (fail2ban misses repeated ssh cracking attempt), Debian Bug Tracking System <=