Date: Tue, 02 Dec 2008 08:25:22 -0500 From: Greg Larkin <glarkin@FreeBSD.org> To: d.forsyth@ru.ac.za Cc: freebsd-questions@freebsd.org Subject: Re: sshit runs out of semaphores Message-ID: <49353742.9050400@FreeBSD.org> In-Reply-To: <49354C7C.9611.68C7120@d.forsyth.ru.ac.za> References: <49354C7C.9611.68C7120@d.forsyth.ru.ac.za>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 DA Forsyth wrote: > Hiya > > I recently started (trying) to use sshit to filter the many brute > force sshd attacks. > > However, it has never worked on my box. FreeBSD 7.0 p1. > > This morning it would only give a message (without exiting) > Could not create semaphore set: No space left on device > at /usr/local/sbin/sshit line 322 > Every time it gets stopped by CTRL-C it leaves the shared memory > behind, allocated. > > I am going to reboot later and double the number of semaphores (in > loader.conf). > I am running hobbit which uses 8, leaving only 2 free. This may > solve this issue, but I'd appreciate any ideas and experienced > advice. > > A side issue is that sshit will only filter rapid fire attacks, but I > am also seeing 'slow fire' attacks, where an IP is repeated every 2 > or 3 hours, but there seem to be a network of attackers because the > name sequence is kept up across many incoming IP's. Is there any > script for countering these attacks? > If not I'll write one I think. > > > -- > DA Fo rsyth Network Supervisor > Principal Technical Officer -- Institute for Water Research > http://www.ru.ac.za/institutes/iwr/ Hi DA, I previously used sshit to defend against SSH brute-force attacks but never saw the semaphore problem that you reported. However, I recently switched to sshguard for other reasons, and it has worked well for defending against both high-speed and slow-speed attacks. You can get more information here: http://sshguard.sourceforge.net/ http://www.freshports.org/security/sshguard-ipfw/ Hope that helps, Greg - -- Greg Larkin http://www.FreeBSD.org/ - The Power To Serve http://www.sourcehosting.net/ - Ready. Set. Code. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJNTdC0sRouByUApARAt/uAKCkRzJ7f67aKhBxQNRrI9gI7eRu3QCeL+tA 2hG4DfmVSHFgOO+GvUiNniM= =oAa+ -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49353742.9050400>