limiting connections per IP w/FreeBSD ftpd?
Maxim Konovalov
maxim at macomnet.ru
Fri May 30 06:38:33 PDT 2003
On 09:25-0400, May 30, 2003, Andrew Gallatin wrote:
>
> At my company, some bonehead (not sure if it was maliciousness or just
> a stupid customer), opened 60 simultaneous connections to our ftp
> server and totally swamped our T1. This is the second or third time
> this has happened recently.
>
> So I'm looking for some way to limit the number of connections per-IP.
> I understand this may be bad for sites behind NAT boxes, or for
> multiuser systems, and I don't want to start a thread debating its
> merits.
>
> I'd like to avoid downgrading to one of the swiss-army knife ftpds
> that always seems to have a vulnerability in the headlines, but I
> don't have time to hack FreeBSD ftpd myself.
>
> So: Does anybody have patches to allow FreeBSD's ftpd to limit
> connections per IP? Or am I stuck with proftpd or wuftpd?

a) run ftpd from inetd -s<number>, man inetd;
b) ipfw2 limit src-addr, man ipfw.
--
Maxim Konovalov, maxim at macomnet.ru, maxim at FreeBSD.org
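
Both suggestions from the reply, as an added example that is not part of the original message: the script prints (does not run) an ipfw2 `limit src-addr` rule pair and checks `netstat -n` output for sources above the cap. The cap of 4, the rule numbers 2000/2010, the function names and the sample netstat lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. LIMIT, rule numbers and the sample
# netstat lines are constructed; adapt them to the local ruleset.
LIMIT=4

# Option (a): start inetd with "-s $LIMIT" (see inetd(8)); it will not run
# more than that many simultaneous ftpd invocations for one source IP.

# Option (b): print (not run) ipfw2 rules. "limit src-addr N" creates one
# dynamic rule per connection and stops matching once a source has N open,
# so the next SYN falls through to the deny rule that follows.
ftp_limit_rules() {
    echo "ipfw add 2000 allow tcp from any to me 21 setup limit src-addr $1"
    echo "ipfw add 2010 deny tcp from any to me 21 setup"
}

# Check: read "netstat -n -p tcp" output (FreeBSD addr.port format) and
# print "ip count" for each remote IP holding more than $1 established
# connections to local port 21.
ftp_over_limit() {
    awk -v max="$1" '
        $6 == "ESTABLISHED" && $4 ~ /\.21$/ {
            ip = $5
            sub(/\.[0-9]+$/, "", ip)   # strip the trailing .port
            n[ip]++
        }
        END { for (ip in n) if (n[ip] > max) print ip, n[ip] }
    ' | sort
}

# Constructed sample: 198.51.100.7 holds 5 FTP control connections.
sample_netstat() {
    cat <<'EOF'
tcp4  0  0  192.0.2.10.21  198.51.100.7.50001  ESTABLISHED
tcp4  0  0  192.0.2.10.21  198.51.100.7.50002  ESTABLISHED
tcp4  0  0  192.0.2.10.21  198.51.100.7.50003  ESTABLISHED
tcp4  0  0  192.0.2.10.21  198.51.100.7.50004  ESTABLISHED
tcp4  0  0  192.0.2.10.21  198.51.100.7.50005  ESTABLISHED
tcp4  0  0  192.0.2.10.21  198.51.100.7.50006  TIME_WAIT
tcp4  0  0  192.0.2.10.21  203.0.113.9.40100   ESTABLISHED
tcp4  0  0  192.0.2.10.22  203.0.113.9.40200   ESTABLISHED
EOF
}

ftp_limit_rules "$LIMIT"
sample_netstat | ftp_over_limit "$LIMIT"
```

Both options count FTP control connections on port 21; data connections are opened per session, so capping sessions per source is what bounds the parallel transfers.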