SSH Brute Force not working (any longer)

curby . curby.public at
Thu Jul 28 00:50:23 CEST 2005

On 7/27/05, Nagy Zoltan <kirk at> wrote:
> i've read 1-3 the files, i think your problem is a skip of the "update" (my english is really bad ;)
> because your --update lines have other condition like:seconds and rate
> the attacking machine when it begins to send those packets, recent knows nothing about him, it will be enlist with a --set match
> and then you don't update it's record with a single --update, so it can't reach the hitcount :)

2 and 3 have --set during the rule in the INPUT chain that jumps to
the custom chain.

On 7/27/05, Marius Mertens <marius.mertens at> wrote:
> problem. The only positive about it: I finally gave up debugging it, and as
> silently as it came, the problem disappeared. Everything is working fine
> again. With a still unchanged ruleset of course ;-)

If this is not the result of something dumb we're doing, there's
probably a bug that should be squirreled out.  Intermittent problems
in security software are bad. Still, iptables has been so stable that
I'm thinking it's likely my fault. =P

I'll keep poking at it when I have a moment.

More information about the netfilter mailing list