From: Beech Rintoul
Organization: FreeBSD
To: freebsd-questions@freebsd.org
Cc: d.forsyth@ru.ac.za, Bill Moran
Date: Tue, 2 Dec 2008 11:53:33 -0900
Subject: Re: sshit runs out of semaphores
Message-Id: <200812021153.33518.beech@freebsd.org>
References: <49354C7C.9611.68C7120@d.forsyth.ru.ac.za> <20081202085427.ed5634d0.wmoran@potentialtech.com>
In-Reply-To: <20081202085427.ed5634d0.wmoran@potentialtech.com>

On Tuesday 02 December 2008 04:54:27 Bill Moran wrote:
> In response to "DA Forsyth" :
> > Hiya
> >
> > I recently started (trying) to use sshit to filter the many brute
> > force sshd attacks.
> >
> > However, it has never worked on my box. FreeBSD 7.0 p1.
> >
> > This morning it would only give a message (without exiting)
> >   Could not create semaphore set: No space left on device
> >   at /usr/local/sbin/sshit line 322
> > Every time it gets stopped by CTRL-C it leaves the shared memory
> > behind, allocated.
>
> Have a look at ipcs and ipcrm, which will save you the reboots.
>
> > A side issue is that sshit will only filter rapid fire attacks, but I
> > am also seeing 'slow fire' attacks, where an IP is repeated every 2
> > or 3 hours, but there seem to be a network of attackers because the
> > name sequence is kept up across many incoming IP's. Is there any
> > script for countering these attacks?
> > If not I'll write one I think.
>
> My approach:
> http://www.potentialtech.com/cms/node/16

I use denyhosts which adds the IP to a file called hosts_deny.ssh. It
will keep the IP for however many days you set it for so a repeat even
hours later will just get bounced.

-- 
---------------------------------------------------------------------------------------
Beech Rintoul - FreeBSD Developer - beech@FreeBSD.org
/"\   ASCII Ribbon Campaign  | FreeBSD Since 4.x
\ / - NO HTML/RTF in e-mail  | http://people.freebsd.org/~beech
 X  - NO Word docs in e-mail | Skype: akbeech
/ \ - http://www.FreeBSD.org/releases/7.0R/announce.html
---------------------------------------------------------------------------------------
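
The rapid-fire versus 'slow fire' distinction raised in this thread, as an added example (not code from sshit, denyhosts, or any poster): one failure counter run over the same log with a 60-second window and with a multi-day retention window. The log lines, addresses, the `offenders` function, the thresholds and the `year` parameter are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (not from the thread); IPs are documentation ranges.
SAMPLE_LOG = """\
Dec  1 01:10:02 host sshd[411]: Invalid user aaron from 192.0.2.10
Dec  1 03:40:17 host sshd[502]: Invalid user abby from 192.0.2.10
Dec  1 04:02:51 host sshd[530]: Invalid user abel from 198.51.100.7
Dec  1 06:15:40 host sshd[611]: Invalid user abner from 192.0.2.10
Dec  1 09:30:05 host sshd[720]: Failed password for root from 203.0.113.5 port 4022 ssh2
Dec  1 09:31:00 host sshd[725]: Accepted publickey for alice from 203.0.113.5 port 4030 ssh2
Dec  2 08:55:12 host sshd[903]: Invalid user abraham from 198.51.100.7
"""

# The address must be the last field on the line, so a user name crafted to
# contain " from <ip>" cannot get an unrelated address counted.
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?:Invalid user \S+|Failed password for (?:invalid user )?\S+)"
    r" from (\d{1,3}(?:\.\d{1,3}){3})(?: port \d+ ssh2)?$"
)


def offenders(log_text, window, threshold, year=2008):
    """Return sorted IPs with `threshold` failures inside any span of `window`."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            # Syslog timestamps carry no year; `year` is supplied by the caller.
            stamp = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            seen[m.group(2)].append(stamp)
    flagged = []
    for ip, times in seen.items():
        times.sort()
        # Flag when any `threshold` consecutive failures fit inside one window.
        if any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1)):
            flagged.append(ip)
    return sorted(flagged)


if __name__ == "__main__":
    print("60 s window:", offenders(SAMPLE_LOG, timedelta(seconds=60), 3))
    print("7 day window:", offenders(SAMPLE_LOG, timedelta(days=7), 3))
```

With the short window nothing is flagged; with the long one the address that retries every few hours is.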