how to fight concurrent connection DOS attack to FreeBSD ftpd?

Bill Moran wmoran at
Sat Nov 24 07:38:08 PST 2007

Zhang Weiwu <zhangweiwu at> wrote:
> The behaviour is like this: after '#/etc/rc.d/ftpd start', the number of
> ftpd processes goes to several thousand. ps told me they are all accessed
> from the same user.
> I read the manual and found ftpd.conf(5) says /etc/ftpd.conf is the
> configuration file for ftpd(8). But creating /etc/ftpd.conf with "limit
> all 10" doesn't help (system behaviour the same); it seems ftpd ignored the
> configuration file.

It appears as if you're starting ftpd, but that config file is for
lukemftpd.  The documentation appears to be a mess.

> I worry if ftpd.conf is REALLY the configuration of ftpd? because
> ftpd.conf is not mentioned in ftpd(8) manual page. Usually the
> configuration file of a daemon is always mentioned in the daemon manual
> page.

I expect you're correct.  lukemftpd seems to support the options you're
setting, but ftpd doesn't.  On the other side, there doesn't seem to be
an rc script for lukemftpd.

> If ftpd.conf is not the right manual page to read, can you suggest which
> configuration manual to read to fight back this attack? Thanks in advance!

Probably copy /etc/rc.d/ftpd to /etc/rc.d/lukemftpd and edit it to adjust,
then set the appropriate settings in /etc/rc.conf to run lukemftpd instead
of ftpd.  "man lukemftpd" brings up a different man page than "man ftpd".

Bill Moran
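
To confirm the symptom described in the question (thousands of ftpd processes under one user) and to re-check it after switching daemons, the following added example, which is not part of the original thread, tallies ftpd processes per account from `ps -axo user,pid,comm` output. The sample data, the account names and the `FTPD_NAME` variable are constructed for illustration; the threshold of 10 is borrowed from the question's "limit all 10" and is applied here per account.

```shell
#!/bin/sh
# Added example: count ftpd processes per account and flag accounts over a
# threshold. Input is assumed to be "USER PID COMMAND" lines, as printed by
# `ps -axo user,pid,comm`.

# Constructed sample (not from the thread): one account holding many sessions.
sample_ps() {
    echo "USER PID COMMAND"
    echo "root 612 ftpd"
    i=0
    while [ "$i" -lt 25 ]; do
        echo "mallory $((2000 + i)) ftpd"
        i=$((i + 1))
    done
    echo "alice 3100 ftpd"
    echo "alice 3101 ftpd"
    echo "alice 3102 sshd"
}

# Print "count user" for each account owning ftpd processes, busiest first.
# FTPD_NAME (hypothetical variable) overrides the process name to match,
# e.g. FTPD_NAME=lukemftpd. Lines without a numeric PID (the header) are skipped.
ftpd_counts() {
    awk -v name="${FTPD_NAME:-ftpd}" '
        $2 ~ /^[0-9]+$/ && $3 == name { n[$1]++ }
        END { for (u in n) print n[u], u }
    ' | sort -k1,1nr -k2,2
}

# Print accounts whose ftpd process count exceeds $1.
# Exit status is 1 if any account is over the threshold, 0 otherwise.
ftpd_over_limit() {
    limit=$1
    ftpd_counts | awk -v limit="$limit" '
        $1 + 0 > limit + 0 {
            print $2 ": " $1 " ftpd processes (limit " limit ")"
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Demo on the constructed sample. On a live host:
#   ps -axo user,pid,comm | ftpd_over_limit 10
sample_ps | ftpd_over_limit 10 || echo "at least one account is over the limit"
```

The non-zero exit status makes the check usable from cron or a monitoring wrapper.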

More information about the freebsd-questions mailing list