Many: Failed password for root from 22.214.171.124 port 3129
sshlockout table is empty even if there are more then 10 login attempts.
15 is teh magic value
There where a lot more.
I think they connected a lot of session parallel and than they tried the passwords.
How much ssh session are possible?
Depends on how much you allow them to be.
By default 'unlimited'. But you can limit by firewall rules how many ssh sessions are allowed.
Seems to me the default should be something less the "unlimited" :o
Its your firewall not ours.
We give you failed session per host on webgui and ssh the other stuff is random choice.
I just do not want a discussion on why 5 is low and 100 is high.
someone picked a reasonable value for this: "15 is the magic value"
I have a little bit more than 15 tries in 90 minutes.
cat system.log | grep "from 126.96.36.199 port" | wc
1844 29419 220331
I didn't find the option to enable automatic blocking.
I know it was working befor.
2.0-BETA4 (amd64) built on Tue Dec 7 07:38:11 UTC 2010
Now it will be an big security issue.
My 2nd pfsense does have this problem too.
cat system.log | grep "from 188.8.131.52 port" | wc
2467 39118 278475
2.0-BETA4 (i386) built on Thu Dec 9 13:24:37 EST 2010
Recent changes broke it, it's being worked on.
Fixed in latest code.