Date: Tue, 2 Dec 2008 08:54:27 -0500 From: Bill Moran <wmoran@potentialtech.com> To: d.forsyth@ru.ac.za Cc: freebsd-questions@freebsd.org Subject: Re: sshit runs out of semaphores Message-ID: <20081202085427.ed5634d0.wmoran@potentialtech.com> In-Reply-To: <49354C7C.9611.68C7120@d.forsyth.ru.ac.za> References: <49354C7C.9611.68C7120@d.forsyth.ru.ac.za>
next in thread | previous in thread | raw e-mail | index | archive | help
In response to "DA Forsyth" <d.forsyth@ru.ac.za>: > Hiya > > I recently started (trying) to use sshit to filter the many brute > force sshd attacks. > > However, it has never worked on my box. FreeBSD 7.0 p1. > > This morning it would only give a message (without exiting) > Could not create semaphore set: No space left on device > at /usr/local/sbin/sshit line 322 > Every time it gets stopped by CTRL-C it leaves the shared memory > behind, allocated. Have a look at ipcs and ipcrm, which will save you the reboots. > A side issue is that sshit will only filter rapid fire attacks, but I > am also seeing 'slow fire' attacks, where an IP is repeated every 2 > or 3 hours, but there seem to be a network of attackers because the > name sequence is kept up across many incoming IP's. Is there any > script for countering these attacks? > If not I'll write one I think. My approach: http://www.potentialtech.com/cms/node/16 -- Bill Moran http://www.potentialtech.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081202085427.ed5634d0.wmoran>