search

Ernillew / wl500g

Automatically exported from code.google.com/p/wl500g
0 stars 0 forks source link

Brute Force Attack protection (from web-ui) #170

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
0. "Protection against Brute Force Attack for SSH and FTP Servers" Settings: 
"Hitcount" is set to 3, 600sec, Brute Force Protection enabled.
1. Try to SSH-login via PuTTY with right name and wrong password
2. Received "connection error" after 10 wrong attempts
3. Then I try to login with wrong name and wrong password
4. Received "connection error" after 5 wrong attempts
5. Settings via web-ui is not in effect?

What is the expected output? What do you see instead?
Nov  4 19:09:39 dropbear[5380]: Child connection from 10.0.0.101:49958
Nov  4 19:09:44 dropbear[5380]: bad password attempt for 'map' from 
10.0.0.101:49958
Nov  4 19:09:46 dropbear[5380]: bad password attempt for 'map' from 
10.0.0.101:49958
Nov  4 19:09:47 dropbear[5380]: bad password attempt for 'map' from 
10.0.0.101:49958
Nov  4 19:09:48 dropbear[5380]: bad password attempt for 'map' from 
10.0.0.101:49958
Nov  4 19:09:50 dropbear[5380]: bad password attempt for 'map' from 
10.0.0.101:49958
Nov  4 19:09:51 dropbear[5380]: bad password attempt for 'map' from 
10.0.0.101:49958
Nov  4 19:09:52 dropbear[5380]: bad password attempt for 'map' from 
10.0.0.101:49958
Nov  4 19:09:54 dropbear[5380]: bad password attempt for 'map' from 
10.0.0.101:49958
Nov  4 19:09:55 dropbear[5380]: bad password attempt for 'map' from 
10.0.0.101:49958
Nov  4 19:09:56 dropbear[5380]: bad password attempt for 'map' from 
10.0.0.101:49958
Nov  4 19:09:57 dropbear[5380]: exit before auth (user 'map', 10 fails): Max 
auth tries reached - user 'map' from 10.0.0.101:49958

Nov  4 19:20:16 dropbear[5425]: Child connection from 10.0.0.101:49998
Nov  4 19:20:22 dropbear[5425]: login attempt for nonexistent user from 
10.0.0.101:49998
Nov  4 19:20:23 dropbear[5425]: login attempt for nonexistent user from 
10.0.0.101:49998
Nov  4 19:20:25 dropbear[5425]: login attempt for nonexistent user from 
10.0.0.101:49998
Nov  4 19:20:26 dropbear[5425]: login attempt for nonexistent user from 
10.0.0.101:49998
Nov  4 19:20:28 dropbear[5425]: login attempt for nonexistent user from 
10.0.0.101:49998
Nov  4 19:20:29 dropbear[5425]: exit before auth: Max auth tries reached - user 
'is invalid' from 10.0.0.101:49998

What version of the product are you using?
WL500gpv2-1.9.2.7-d-r2321

Please provide any additional information below.

Original issue reported on code.google.com by a.matros...@gmail.com on 4 Nov 2010 at 4:32

GoogleCodeExporter commented 9 years ago 
You attempt to login to your ssh server from LAN. Brute force protection by 
firewall is intended for control of login attempts from WAN. What you've 
mentioned are defaults of the built in dropbear features:

#define MAX_UNAUTH_PER_IP 5
#define MAX_AUTH_TRIES 10

not related to brute force protection using firewall.

Original comment by al37...@gmail.com on 28 Nov 2010 at 9:33

GoogleCodeExporter commented 9 years ago 
Thanx!

Original comment by a.matros...@gmail.com on 29 Nov 2010 at 11:46