sshit runs out of semaphores
Greg Larkin
glarkin at FreeBSD.org
Tue Dec 2 05:25:26 PST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
DA Forsyth wrote:
> Hiya
>
> I recently started (trying) to use sshit to filter the many brute
> force sshd attacks.
>
> However, it has never worked on my box. FreeBSD 7.0 p1.
>
> This morning it would only give a message (without exiting)
> Could not create semaphore set: No space left on device
> at /usr/local/sbin/sshit line 322
> Every time it gets stopped by CTRL-C it leaves the shared memory
> behind, allocated.
>
> I am going to reboot later and double the number of semaphores (in
> loader.conf).
> I am running hobbit which uses 8, leaving only 2 free. This may
> solve this issue, but I'd appreciate any ideas and experienced
> advice.
>
> A side issue is that sshit will only filter rapid fire attacks, but I
> am also seeing 'slow fire' attacks, where an IP is repeated every 2
> or 3 hours, but there seem to be a network of attackers because the
> name sequence is kept up across many incoming IP's. Is there any
> script for countering these attacks?
> If not I'll write one I think.
>
>
> --
> DA Fo rsyth Network Supervisor
> Principal Technical Officer -- Institute for Water Research
> http://www.ru.ac.za/institutes/iwr/
Hi DA,
I previously used sshit to defend against SSH brute-force attacks but
never saw the semaphore problem that you reported.
However, I recently switched to sshguard for other reasons, and it has
worked well for defending against both high-speed and slow-speed
attacks. You can get more information here:
http://sshguard.sourceforge.net/
http://www.freshports.org/security/sshguard-ipfw/
Hope that helps,
Greg
- --
Greg Larkin
http://www.FreeBSD.org/ - The Power To Serve
http://www.sourcehosting.net/ - Ready. Set. Code.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJNTdC0sRouByUApARAt/uAKCkRzJ7f67aKhBxQNRrI9gI7eRu3QCeL+tA
2hG4DfmVSHFgOO+GvUiNniM=
=oAa+
-----END PGP SIGNATURE-----
More information about the freebsd-questions
mailing list