how to fight concurrent connection DOS attack to FreeBSD ftpd?
wmoran at potentialtech.com
Sat Nov 24 07:38:08 PST 2007
Zhang Weiwu <zhangweiwu at realss.com> wrote:

> The behaviour is like this: after '#/etc/rc.d/ftpd start', the number of
> ftpd processes goes to several thousands. ps told me they are all accessed
> from the same user.
> I read the manual and found ftpd.conf(5) says /etc/ftpd.conf is the
> configuration file for ftpd(8). But creating /etc/ftpd.conf with "limit
> all 10" doesn't help (system behaviour the same), seems ftpd ignored the
> configuration file.

It appears as if you're starting ftpd, but that config file is for
lukemftpd. The documentation appears to be a mess.

> I worry if ftpd.conf is REALLY the configuration of ftpd? because
> ftpd.conf is not mentioned in ftpd(8) manual page. Usually the
> configuration file of a daemon is always mentioned in the daemon manual

I expect you're correct. lukemftpd seems to support the options you're
setting, but ftpd doesn't. On the other side, there doesn't seem to be
an rc script for lukemftpd.

> If ftpd.conf is not the right manual page to read, can you suggest which
> configuration manual to read to fight back this attack? Thanks in advance!

Probably copy /etc/rc.d/ftpd to /etc/rc.d/lukemftpd and edit it to adjust,
then set the appropriate settings in /etc/rc.conf to run lukemftpd instead
of ftpd. "man lukemftpd" brings up a different man page than "man ftpd".