cschantz
02f697f4c1
CRITICAL FIX: Resolve 3 bugs preventing SYN attack detection
Issues Fixed:
1. Unanchored IP grep (line 2626): Changed 'grep "$ip"' to 'grep -w "$ip"'
- Impact: Prevented false-positive whitelisting of legitimate IPs
- Bug: "1.1.1.1" matched "11.1.1.1", "119.1.1.1", etc.
2. SYN count filter too strict (line 2935): Changed 'awk $1 > 5' to 'awk $1 >= 3'
- Impact: Prevented detection of IPs with 3-5 SYN connections
- Bug: Tier 4 attacks allow threshold 3, but filter required >5 connections
- Result: IPs silently skipped from detection entirely
3. Double-increment of block counter (line 3350): Removed duplicate increment
- Impact: Block count off-by-one high
- Bug: batch_block_ips() incremented by N, then additional +1 applied
- Result: 10 blocked IPs counted as 11
Testing Notes:
- All three bugs would have prevented SYN detection during high-severity attacks
- Fix #1 ensures legitimate users aren't accidentally whitelisted
- Fix #2 enables detection at minimum 3 connections (critical for Tier 4)
- Fix #3 ensures accurate block count reporting
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-03-06 22:31:44 -05:00
..
2026-02-11 22:45:04 -05:00
2026-02-17 18:42:04 -05:00
2025-12-11 17:01:17 -05:00
2025-11-03 18:21:40 -05:00
2025-12-03 20:12:20 -05:00
2026-03-06 22:31:44 -05:00
2026-02-20 23:04:35 -05:00
2026-02-17 18:42:50 -05:00
2026-02-07 02:50:34 -05:00
2025-11-03 18:21:40 -05:00
2026-02-03 02:13:10 -05:00
2026-02-07 02:43:07 -05:00
2025-11-20 15:50:45 -05:00
2025-11-19 20:06:50 -05:00
2025-11-03 18:21:40 -05:00
2025-11-03 18:21:40 -05:00
2025-11-20 15:50:45 -05:00