[SOLVED] Re: how to fight concurrent connection DOS attack to FreeBSD ftpd?
Zhang Weiwu
zhangweiwu at realss.com
Sat Nov 24 08:37:03 PST 2007
Thank you very much to everyone who helped me. As a summary:
1. Bill Moran pointed out the mistake in ftpd.conf, which should refer
to lukemftpd (but referred to ftpd); he also suggested using
lukemftpd in place of ftpd, but my ftpd is patched by myself and I
prefer not to apply the patch again to lukemftpd (too little time now), thus
I prefer to keep using ftpd;
2. JD Bronson suggested using pf for controlling traffic, which is
more powerful and can solve more problems, but has a learning curve;
3. Quan Qiu gave an instant fix method: start ftpd from inetd.conf,
which instantly solved my problem. I also needed to give not only
    nowait/50/10
but also
    nowait/50/10/10
because the attacker is very determined: with "nowait/50/10" he
makes sure I have 50 connections after 5 minutes, making other
people unable to log in.
Quan Qiu wrote:
> On Nov 24, 2007 10:34 PM, Zhang Weiwu <zhangweiwu at realss.com> wrote:
>
>> I run an ftp site which is being attacked by someone who issues some 1000
>> concurrent connections for downloading as anonymous. How can I fight back?
>>
>> If ftpd.conf is not the right manual page to read, can you suggest which
>> configuration manual to read to fight back against this attack? Thanks in advance!
>
> Try wrapping your ftpd using inetd. There are some limits to max child
> processes and max connections per IP in inetd.conf(5). An example for
> vsftpd:
>
> ftp stream tcp nowait/50/10 root /usr/local/libexec/vsftpd vsftpd
>
> Refer to the inetd.conf(5) manpage for more.
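The difference between nowait/50/10 and nowait/50/10/10 is easy to get wrong when reading inetd.conf by eye, so here is an added example, not code from the thread or from FreeBSD: a POSIX sh script that parses the wait/nowait field of every active inetd.conf entry and flags services that cap total children but not children per address, which is the setting that let one determined client fill all 50 slots in the summary above. It goes beyond the single ftp line in the thread by auditing a whole file. It assumes the field layout documented in FreeBSD's inetd.conf(5), nowait[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]], with a missing or zero value meaning "no limit"; the sample config it writes is constructed (the ftp/tcp6 and ssh entries are there only to give the audit something to flag), and the function names and the "inetdaudit" temp-file prefix are this example's own.

```shell
#!/bin/sh
# Added example (not code from the thread or from FreeBSD): audit the
# wait/nowait field of inetd.conf(5) entries for per-address limits.
#
# FreeBSD inetd.conf(5) documents the field as
#   nowait[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]
# where a missing or 0 value means "no limit".  nowait/50/10 caps the total
# at 50 children and each address at 10 new connections a minute, but says
# nothing about how many of those 50 a single address may hold at once
# (10 a minute for 5 minutes is all 50); that is the fourth value, and it
# is what nowait/50/10/10 adds.

# audit_wait_field FIELD
#   Prints the parsed limits on stdout and returns
#     0  max-child-per-ip set: one address cannot take every child slot
#     1  some limit set, but no max-child-per-ip
#     2  no limits at all
audit_wait_field() {
    _field=$1
    _oldifs=$IFS
    IFS=/                      # split "nowait/50/10/10" on the slashes
    set -- $_field
    IFS=$_oldifs
    _mode=$1
    _max_child=${2:-0}
    _conn_per_ip_min=${3:-0}
    _max_child_per_ip=${4:-0}
    printf 'mode=%s max-child=%s max-connections-per-ip-per-minute=%s max-child-per-ip=%s\n' \
        "$_mode" "$_max_child" "$_conn_per_ip_min" "$_max_child_per_ip"
    if [ "$_max_child_per_ip" -gt 0 ] 2>/dev/null; then
        return 0
    elif [ "$_max_child" -gt 0 ] 2>/dev/null || [ "$_conn_per_ip_min" -gt 0 ] 2>/dev/null; then
        return 1
    else
        return 2
    fi
}

# audit_inetd_conf FILE
#   Prints one verdict per active entry and returns the number of entries
#   lacking a max-child-per-ip cap (0 when every active service has one).
#   Entry layout: service socktype proto wait[/...] user server args
audit_inetd_conf() {
    _findings=0
    while read -r _svc _socktype _proto _wait _rest; do
        case $_svc in ''|'#'*) continue ;; esac   # blank and comment lines
        _rc=0
        audit_wait_field "$_wait" >/dev/null || _rc=$?
        case $_rc in
            0) printf 'OK    %-6s %-5s %s\n' "$_svc" "$_proto" "$_wait" ;;
            1) printf 'WARN  %-6s %-5s %s  (no max-child-per-ip: one address can hold every child)\n' \
                   "$_svc" "$_proto" "$_wait"
               _findings=$((_findings + 1)) ;;
            *) printf 'WARN  %-6s %-5s %s  (no limits at all)\n' "$_svc" "$_proto" "$_wait"
               _findings=$((_findings + 1)) ;;
        esac
    done < "$1"
    return $_findings
}

# make_sample_inetd_conf
#   Writes a constructed inetd.conf to a temp file and prints its path.
#   ftp/tcp is the thread's final fix, ftp/tcp6 the first attempt, and
#   ssh is FreeBSD's stock (normally commented-out) entry with no limits.
make_sample_inetd_conf() {
    _f=$(mktemp -t inetdaudit.XXXXXX) || return 1
    cat > "$_f" <<'EOF'
# constructed sample inetd.conf, not a real host's file
ftp     stream  tcp     nowait/50/10/10 root    /usr/libexec/ftpd       ftpd -l
ftp     stream  tcp6    nowait/50/10    root    /usr/libexec/ftpd       ftpd -l
ssh     stream  tcp     nowait          root    /usr/sbin/sshd          sshd -i -4
EOF
    printf '%s\n' "$_f"
}

# Stand-alone run: audit the file given as $1, or the constructed sample.
conf=${1:-$(make_sample_inetd_conf)}
findings=0
audit_inetd_conf "$conf" || findings=$?
printf '%d entries without a per-IP child cap\n' "$findings"
[ -n "$1" ] || rm -f "$conf"
```

Run it as `sh audit-inetd.sh /etc/inetd.conf` to check a live file; on the constructed sample it reports the ftp/tcp line as OK and the other two as WARN, exiting with status 2. After editing inetd.conf, inetd needs a HUP (`/etc/rc.d/inetd reload`), and the standalone ftpd must not also be listening on port 21, or inetd's limits never see the connections. Note that the max-child-per-ip counter only protects against a single address; an attacker spreading 1000 connections over many addresses is the case where the pf approach from the thread, which can count and rate-limit states per source and push offenders into a table, does more than inetd can.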