Date:      Sun, 25 Nov 2007 00:36:48 +0800
From:      Zhang Weiwu <zhangweiwu@realss.com>
To:        freebsd-questions@freebsd.org
Cc:        Quan Qiu <jackqq@gmail.com>
Subject:   [SOLVED] Re: how to fight concurrent connection DOS attack to FreeBSD ftpd?
Message-ID:  <47485320.1070002@realss.com>
In-Reply-To: <53a565700711240738n1cecd432td03a9e00aa689d13@mail.gmail.com>
References:  <47483686.3030400@realss.com> <53a565700711240738n1cecd432td03a9e00aa689d13@mail.gmail.com>

Thank you very much to everyone who helped me. As a summary:

   1. Bill Moran pointed out the mistake in ftpd.conf, which should refer
      to lukemftpd (but referred to ftpd). He also suggested using
      lukemftpd in place of ftpd, but my ftpd is patched by myself and I
      prefer not to patch lukemftpd again (too little time now), so
      I prefer to keep using ftpd;
   2. JD Bronson suggested using pf for controlling traffic, which is
      more powerful and can solve more problems, but has a learning curve;
   3. Quan Qiu gave an instant fix: start ftpd from inetd.conf,
      which instantly solved my problem. I also needed to give not
      only

      nowait/50/10

      but also

      nowait/50/10/10

      because the attacker is very determined; with "nowait/50/10" he
      makes sure I get 50 connections after 5 minutes, making other
      people unable to log in.


Quan Qiu wrote:
> On Nov 24, 2007 10:34 PM, Zhang Weiwu <zhangweiwu@realss.com> wrote:
>   
>> I run a ftp site which is being attacked by someone who issue some 1000
>> concurrent connection for downloading as anonymous. How can I fight back?
>>     
>
>   
>> If ftpd.conf is not the right manual page to read, can you suggest which
>> configuration manual to read to fight back this attack? Thanks in advance!
>>
>>     
>
>
> Try wrapping your ftpd using inetd. There are some limits to max child
> processes and max connections per ip in inetd.conf(5). An example for
> vsftpd:
>
> ftp     stream  tcp     nowait/50/10
>         root    /usr/local/libexec/vsftpd       vsftpd
>
> Refer to the inetd.conf(5) manpage for more.
>
>   
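An added example, not from this thread or from FreeBSD: a small audit script that parses inetd.conf(5) service lines, splits the wait/nowait field into its optional suffixes (max-child, max-connections-per-IP-per-minute, max-child-per-IP), and reports nowait services that still allow one address to occupy every slot, which is the gap the thread hit with "nowait/50/10". The sample configuration is constructed; the vsftpd and ftpd lines only mirror the limits discussed above.

```python
from dataclasses import dataclass
from typing import Optional, List, Tuple

# Constructed sample inetd.conf (not the poster's real file). Line 1 carries
# the partial limit from the reply, line 2 the tightened form, line 3 no limit.
SAMPLE_INETD_CONF = """\
# service  type  proto  wait/nowait[/max-child[/conn-per-ip-min[/max-child-per-ip]]]
ftp     stream  tcp     nowait/50/10     root  /usr/local/libexec/vsftpd  vsftpd
ftp     stream  tcp6    nowait/50/10/10  root  /usr/libexec/ftpd          ftpd -l
telnet  stream  tcp     nowait           root  /usr/libexec/telnetd       telnetd
"""

@dataclass
class ServiceLimits:
    service: str
    proto: str
    wait: bool                          # True for "wait", False for "nowait"
    max_child: Optional[int]            # total concurrent children, None = unlimited
    conn_per_ip_per_min: Optional[int]  # new connections per source IP per minute
    max_child_per_ip: Optional[int]     # concurrent children per source IP

def parse_wait_field(field: str):
    """Split e.g. 'nowait/50/10/10' into (wait?, max_child, per_ip_min, per_ip)."""
    parts = field.split("/")
    if parts[0] not in ("wait", "nowait") or len(parts) > 4:
        raise ValueError(f"bad wait/nowait field: {field!r}")
    nums: List[Optional[int]] = [int(p) for p in parts[1:]]
    nums += [None] * (3 - len(nums))      # absent suffixes mean "no limit"
    return parts[0] == "wait", nums[0], nums[1], nums[2]

def parse_inetd_conf(text: str) -> List[ServiceLimits]:
    services = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        f = line.split()
        if len(f) < 6:                        # name type proto wait user program
            raise ValueError(f"malformed inetd.conf line: {raw!r}")
        wait, mc, cpm, mcpi = parse_wait_field(f[3])
        services.append(ServiceLimits(f[0], f[2], wait, mc, cpm, mcpi))
    return services

def audit(services: List[ServiceLimits]) -> List[Tuple[str, str]]:
    """Return (service/proto, problem) pairs for nowait services lacking limits."""
    findings = []
    for s in services:
        if s.wait:   # inetd hands the socket to one daemon; per-connection suffixes do not apply
            continue
        key = f"{s.service}/{s.proto}"
        if s.max_child is None:
            findings.append((key, "no max-child: unbounded forks under a flood"))
        if s.conn_per_ip_per_min is None:
            findings.append((key, "no per-IP rate limit: one host can reconnect freely"))
        if s.max_child_per_ip is None:
            findings.append((key, "no max-child-per-ip: one host can hold every slot"))
    return findings
```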
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47485320.1070002>