On Tuesday 02 December 2008 04:54:27 Bill Moran wrote: > In response to "DA Forsyth" <[EMAIL PROTECTED]>: > > Hiya > > > > I recently started (trying) to use sshit to filter the many brute > > force sshd attacks. > > > > However, it has never worked on my box. FreeBSD 7.0 p1. > > > > This morning it would only give a message (without exiting) > > Could not create semaphore set: No space left on device > > at /usr/local/sbin/sshit line 322 > > Every time it gets stopped by CTRL-C it leaves the shared memory > > behind, allocated. > > Have a look at ipcs and ipcrm, which will save you the reboots. > > > A side issue is that sshit will only filter rapid fire attacks, but I > > am also seeing 'slow fire' attacks, where an IP is repeated every 2 > > or 3 hours, but there seem to be a network of attackers because the > > name sequence is kept up across many incoming IP's. Is there any > > script for countering these attacks? > > If not I'll write one I think. > > My approach: > http://www.potentialtech.com/cms/node/16
I use denyhosts which adds the IP to a file called hosts_deny.ssh. It will keep the IP for however many days you set it for so a repeat even hours later will just get bounced. -- --------------------------------------------------------------------------------------- Beech Rintoul - FreeBSD Developer - [EMAIL PROTECTED] /"\ ASCII Ribbon Campaign | FreeBSD Since 4.x \ / - NO HTML/RTF in e-mail | http://people.freebsd.org/~beech X - NO Word docs in e-mail | Skype: akbeech / \ - http://www.FreeBSD.org/releases/7.0R/announce.html --------------------------------------------------------------------------------------- _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
