Date: Wed, 13 Sep 2006 19:52:53 -0700 From: Chris <snagit@cbpratt.prohosting.com> To: freeBSD <freebsd-questions@freebsd.org> Subject: Under Attack: Bandwidth throttling on 5.2.1? Message-ID: <C214FC9E-0D29-44F0-B8F5-2116135A4AF1@cbpratt.prohosting.com>
next in thread | raw e-mail | index | archive | help
This is probably going to tax the memory. I'm sorry in advance. We observed 2 hangs and 3 crashes in the last 5 hours and finally after looking at the nature of the traffic, it appears to be little infested windows spybots from all over targeting our forums to attempt to reply to all messages with gambling and other spam. The referer in every case is a few obvious spam sites. We measured 33 pages per second and all invoking perl (well you can image the load). It's killed the system in several was I've never even seen. We shutdown on purpose for the first time in years which is pretty bad for business. I'm readying the quad opteron tyan to take down and shove in it's place since the T1 can't swamp it, but still building. The machine is a dual 3.0 xeon with 4G and Intel 1000/Pro on 5.2.1 with IPFW enabled. If I can configure throttling on this old a system, we could come back up I think and try ride out the attack. I've never done this before but in an earlier thread I saw where you configure a pipe such as: ipfw pipe 1 config bw 256Kbit/s ipfw add pipe 1 tcp from 192.168.1.2 80 then set sysctl.conf net.inet.ip.fw.one_pass=1 Is that is all that's necessary for this old a system or is there anything else. If this is correct, would this keep this fellow from crashing.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C214FC9E-0D29-44F0-B8F5-2116135A4AF1>