Re: sshit runs out of semaphores

In response to "DA Forsyth" <d.forsyth@xxxxxxxx>:


I recently started (trying) to use sshit to filter the many brute
force sshd attacks.

However, it has never worked on my box. FreeBSD 7.0 p1.

This morning it would only give a message (without exiting)
Could not create semaphore set: No space left on device
at /usr/local/sbin/sshit line 322
Every time it gets stopped by CTRL-C it leaves the shared memory
behind, allocated.

Have a look at ipcs and ipcrm, which will save you the reboots.

A side issue is that sshit will only filter rapid fire attacks, but I
am also seeing 'slow fire' attacks, where an IP is repeated every 2
or 3 hours, but there seem to be a network of attackers because the
name sequence is kept up across many incoming IP's. Is there any
script for countering these attacks?
If not I'll write one I think.

My approach:

Bill Moran
freebsd-questions@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"