sshit runs out of semaphores
Bill Moran
wmoran at potentialtech.com
Tue Dec 2 05:54:32 PST 2008
In response to "DA Forsyth" <d.forsyth at ru.ac.za>:
> Hiya
>
> I recently started (trying) to use sshit to filter the many brute
> force sshd attacks.
>
> However, it has never worked on my box. FreeBSD 7.0 p1.
>
> This morning it would only give a message (without exiting)
> Could not create semaphore set: No space left on device
> at /usr/local/sbin/sshit line 322
> Every time it gets stopped by CTRL-C it leaves the shared memory
> behind, allocated.

Have a look at ipcs and ipcrm, which will save you the reboots.

> A side issue is that sshit will only filter rapid fire attacks, but I
> am also seeing 'slow fire' attacks, where an IP is repeated every 2
> or 3 hours, but there seems to be a network of attackers because the
> name sequence is kept up across many incoming IPs. Is there any
> script for countering these attacks?
> If not I'll write one I think.

My approach:
http://www.potentialtech.com/cms/node/16

--
Bill Moran
http://www.potentialtech.com
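
The 'slow fire' pattern described in the quoted question can be picked out of sshd logs by following the username sequence across addresses instead of counting attempts per address. The sketch below is an added example, not part of the original message and not the method behind the linked page; the log lines are constructed, and the function names, the alphabetical-order heuristic and the thresholds (4 hour gap, 5 attempts, 3 addresses) are assumptions to tune.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in sshd syslog style; addresses are documentation ranges.
SAMPLE_LOG = """\
Dec  1 00:10:00 gw sshd[4101]: Invalid user aaron from 192.0.2.10
Dec  1 02:40:00 gw sshd[4122]: Invalid user adam from 198.51.100.7
Dec  1 05:05:00 gw sshd[4140]: Invalid user alice from 203.0.113.5
Dec  1 06:00:00 gw sshd[4150]: Accepted publickey for bill from 192.0.2.50 port 50022 ssh2
Dec  1 07:30:00 gw sshd[4163]: Invalid user bob from 192.0.2.10
Dec  1 10:15:00 gw sshd[4188]: Invalid user carol from 198.51.100.7
Dec  1 12:50:00 gw sshd[4207]: Invalid user dave from 203.0.113.5
Dec  2 09:00:00 gw sshd[4390]: Invalid user test from 192.0.2.99
""".splitlines()

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Invalid user (\S+) from (\d{1,3}(?:\.\d{1,3}){3})"
)

def parse(lines, year=2008):
    """Return time-sorted (timestamp, username, ip) tuples for invalid-user lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # successful logins and unrelated daemons are skipped
        stamp = " ".join(m.group(1).split())  # syslog pads the day with a space
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")  # syslog omits the year
        events.append((ts, m.group(2).lower(), m.group(3)))
    return sorted(events)

def coordinated_ips(events, max_gap=timedelta(hours=4), min_len=5, min_ips=3):
    """Flag addresses that share one alphabetical username run (assumed heuristic)."""
    flagged, run = set(), []
    for ev in events + [None]:  # trailing None flushes the final run
        if run and ev and ev[1] >= run[-1][1] and ev[0] - run[-1][0] <= max_gap:
            run.append(ev)  # the dictionary keeps advancing, whoever sent it
            continue
        ips = {ip for _, _, ip in run}
        if len(run) >= min_len and len(ips) >= min_ips:
            flagged |= ips
        run = [ev] if ev else []
    return flagged

if __name__ == "__main__":
    for ip in sorted(coordinated_ips(parse(SAMPLE_LOG))):
        print(ip)
```

An unrelated failure that falls inside a run and sorts later alphabetically is swept into it, so the output is a review list rather than a ready-made block list.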