Date: Sat, 24 Nov 2007 10:37:40 -0500
From: Bill Moran <wmoran@potentialtech.com>
To: Zhang Weiwu <zhangweiwu@realss.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: how to fight concurrent connection DOS attack to FreeBSD ftpd?
Message-ID: <20071124103740.952cc263.wmoran@potentialtech.com>
In-Reply-To: <47483686.3030400@realss.com>
References: <47483686.3030400@realss.com>

Zhang Weiwu <zhangweiwu@realss.com> wrote:
>
> The behaviour is like this: after '#/etc/rc.d/ftpd start', the number of
> ftpd process goes to several thousands. ps told me they are all accessed
> from the same user.
>
> I read the manual and found ftpd.conf(5) says /etc/ftpd.conf is the
> configuration file for ftpd(8). But creating /etc/ftpd.conf with "limit
> all 10" doesn't help (system behaviour the same), seems ftpd ignored the
> configuration file.

It appears as if you're starting ftpd, but that config file is for
lukemftpd. The documentation appears to be a mess.

> I worry if ftpd.conf is REALLY the configuration of ftpd? because
> ftpd.conf is not mentioned in ftpd(8) manual page. Usually the
> configuration file of a daemon is always mentioned in the daemon manual
> page.

I expect you're correct. lukemftpd seems to support the options you're
setting, but ftpd doesn't. On the other side, there doesn't seem to be an
rc script for lukemftpd.

> If ftpd.conf is not the right manual page to read, can you suggest which
> configuration manual to read to fight back this attack? Thanks in advance!

Probably copy /etc/rc.d/ftpd to /etc/rc.d/lukemftpd and edit it to adjust,
then set the appropriate settings in /etc/rc.conf to run lukemftpd instead
of ftpd.

"man lukemftpd" brings up a different man page than "man ftpd"

-- 
Bill Moran
http://www.potentialtech.com