sshit runs out of semaphores

Beech Rintoul beech at freebsd.org
Tue Dec 2 12:53:34 PST 2008


On Tuesday 02 December 2008 04:54:27 Bill Moran wrote:
> In response to "DA Forsyth" <d.forsyth at ru.ac.za>:
> > Hiya
> >
> > I recently started (trying) to use sshit to filter the many brute
> > force sshd attacks.
> >
> > However, it has never worked on my box.  FreeBSD 7.0 p1.
> >
> > This morning it would only give a message (without exiting)
> >    Could not create semaphore set: No space left on device
> >     at /usr/local/sbin/sshit line 322
> > Every time it gets stopped by CTRL-C it leaves the shared memory
> > behind, allocated.
>
> Have a look at ipcs and ipcrm, which will save you the reboots.
>
> > A side issue is that sshit will only filter rapid fire attacks, but I
> > am also seeing 'slow fire' attacks, where an IP is repeated every 2
> > or 3 hours, but there seems to be a network of attackers because the
> > name sequence is kept up across many incoming IPs.  Is there any
> > script for countering these attacks?
> > If not I'll write one I think.
>
> My approach:
> http://www.potentialtech.com/cms/node/16

I use denyhosts, which adds the IP to a file called hosts_deny.ssh. It will
keep the IP for however many days you set it for, so a repeat even hours later
will just get bounced.
-- 
---------------------------------------------------------------------------------------
Beech Rintoul - FreeBSD Developer - beech at FreeBSD.org
/"\   ASCII Ribbon Campaign  | FreeBSD Since 4.x
\ / - NO HTML/RTF in e-mail   | http://people.freebsd.org/~beech
 X  - NO Word docs in e-mail | Skype: akbeech
/ \  - http://www.FreeBSD.org/releases/7.0R/announce.html
---------------------------------------------------------------------------------------
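
The rapid-fire versus slow-fire distinction discussed in this thread, as an added example that is not part of the original message and is not code from sshit or denyhosts: it counts sshd "Failed password" lines per source address over a short burst window and over a long retention period. The log lines, thresholds, the year default and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation-range addresses), not from the thread.
SAMPLE_LOG = """\
Dec  2 01:00:01 host sshd[101]: Failed password for invalid user admin from 192.0.2.10 port 4021 ssh2
Dec  2 01:00:03 host sshd[102]: Failed password for invalid user alice from 192.0.2.10 port 4022 ssh2
Dec  2 01:00:05 host sshd[103]: Failed password for invalid user bob from 192.0.2.10 port 4023 ssh2
Dec  2 01:00:07 host sshd[104]: Failed password for invalid user carol from 192.0.2.10 port 4024 ssh2
Dec  2 01:00:09 host sshd[105]: Failed password for root from 192.0.2.10 port 4025 ssh2
Dec  2 01:10:00 host sshd[110]: Failed password for invalid user aaron from 198.51.100.7 port 5001 ssh2
Dec  2 03:40:00 host sshd[111]: Failed password for invalid user abby from 198.51.100.7 port 5002 ssh2
Dec  2 06:15:00 host sshd[112]: Failed password for invalid user abel from 198.51.100.7 port 5003 ssh2
Dec  2 07:00:00 host sshd[120]: Failed password for root from 203.0.113.5 port 6001 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def failures_by_ip(log_text, year):
    """Map each source address to the timestamps of its failed logins."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            # syslog timestamps carry no year, so the caller supplies one
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            seen[m.group(2)].append(when)
    return seen

def classify(log_text, year=2008, burst_limit=5, burst_window=timedelta(seconds=60),
             slow_limit=3, retention=timedelta(days=7)):
    """Return {ip: "rapid" | "slow"} for addresses that cross a threshold."""
    verdicts = {}
    for ip, times in failures_by_ip(log_text, year).items():
        times.sort()
        # rapid fire: burst_limit failures that all fall inside one short window
        rapid = any(times[i + burst_limit - 1] - times[i] <= burst_window
                    for i in range(len(times) - burst_limit + 1))
        # slow fire: failures remembered for the whole retention period
        recent = [t for t in times if times[-1] - t <= retention]
        if rapid:
            verdicts[ip] = "rapid"
        elif len(recent) >= slow_limit:
            verdicts[ip] = "slow"
    return verdicts

if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

With a retention of one hour instead of several days, the address that returns every two to three hours is never flagged; only the long memory catches it.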






More information about the freebsd-questions mailing list