From: "DA Forsyth"
Organization: IWR
To: freebsd-questions@freebsd.org
Date: Tue, 02 Dec 2008 14:55:56 +0200
Message-ID: <49354C7C.9611.68C7120@d.forsyth.ru.ac.za>
Subject: sshit runs out of semaphores

Hiya

I recently started (trying) to use sshit to filter the many brute force sshd attacks. However, it has never worked on my box. FreeBSD 7.0 p1.
This morning it would only give a message (without exiting)

    Could not create semaphore set: No space left on device at /usr/local/sbin/sshit line 322

Every time it gets stopped by CTRL-C it leaves the shared memory behind, allocated. I am going to reboot later and double the number of semaphores (in loader.conf). I am running hobbit which uses 8, leaving only 2 free. This may solve this issue, but I'd appreciate any ideas and experienced advice.

A side issue is that sshit will only filter rapid fire attacks, but I am also seeing 'slow fire' attacks, where an IP is repeated every 2 or 3 hours, but there seems to be a network of attackers because the name sequence is kept up across many incoming IPs. Is there any script for countering these attacks? If not I'll write one I think.

--
DA Forsyth            Network Supervisor
Principal Technical Officer -- Institute for Water Research
http://www.ru.ac.za/institutes/iwr/
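
One way to detect the 'slow fire' pattern described in the message above, as an added example that is not part of the original post and is not sshit code. It assumes the shared name sequence is alphabetical and that sshd logs in the "Invalid user NAME from IP" form; the function names, thresholds and sample lines are all constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample sshd lines (documentation address ranges), not real data.
SAMPLE_LOG = """\
Dec  2 00:10:01 host sshd[101]: Invalid user aaron from 192.0.2.10
Dec  2 02:40:12 host sshd[102]: Invalid user abby from 198.51.100.7
Dec  2 03:05:44 host sshd[103]: Invalid user adam from 203.0.113.5
Dec  2 05:15:30 host sshd[104]: Invalid user adrian from 192.0.2.10
Dec  2 06:00:00 host sshd[105]: Invalid user zoe from 192.0.2.99
Dec  2 07:50:09 host sshd[106]: Invalid user alan from 198.51.100.7
Dec  2 08:20:51 host sshd[107]: Invalid user albert from 203.0.113.5
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?:Invalid user|Failed password for invalid user) (\S+) from (\S+)")

def parse(log_text, year=2008):
    """Time-sorted (timestamp, user, ip) tuples; syslog omits the year."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3)))
    return sorted(events)

def longest_name_chain(events):
    """Longest time-ordered run whose usernames never go backwards (O(n^2) DP)."""
    if not events:
        return []
    best, prev = [1] * len(events), [None] * len(events)
    for i in range(len(events)):
        for j in range(i):
            if events[j][1] <= events[i][1] and best[j] + 1 > best[i]:
                best[i], prev[i] = best[j] + 1, j
    i, chain = max(range(len(events)), key=best.__getitem__), []
    while i is not None:
        chain.append(events[i])
        i = prev[i]
    return chain[::-1]

def find_campaign(events, min_events=5, min_ips=3, min_share=0.7):
    """Sorted IPs walking one ordered name list, else [] (thresholds are assumptions)."""
    chain = longest_name_chain(events)
    ips = sorted({ip for _, _, ip in chain})
    big = len(chain) >= max(min_events, min_share * len(events))
    return ips if big and len(ips) >= min_ips else []
```

Each address in the sample makes only two attempts hours apart, so a per-IP rate limiter never fires; the ordered chain across addresses is what links them, and the unrelated "zoe" attempt is left out of the result.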