Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 30 Jun 2003 00:37:41 -0400 (EDT)
From:      Andy Dills <andy@xecu.net>
To:        "Allan Jude - ShellFusion.net Administrator" <dukemaster@shellfusion.net>
Cc:        freebsd@psyxakias.com
Subject:   RE: Shell Provider - DDoS Attacks - IPFW Ratelimiting
Message-ID:  <Pine.BSF.4.44.0306300028250.78038-100000@thunder.xecu.net>
In-Reply-To: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA4RatOouMvEOzXXL4aXw9/cKAAAAQAAAA3vNgIV2eRU6CkFFWyc%2B0xAEAAAAA@shellfusion.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 29 Jun 2003, Allan Jude - ShellFusion.net Administrator wrote:

> Using such 'limit src' firewall rules will not help you, my shell server
> quickly overran the maximum number of dynamic rules, even increasing the
> limit didn't make this plausable because there are 1000's of concurrent
> connections at any one time. If your traffic is small enough, it might
> be useful, but if you are using 10mb, or 100mb, it will easily blow your
> firewall away

Well, if you limit by individual IP, sure.

Don't use a full mask; try something like 0xffff0000, so that it's
limited per /16.

Don't forget to sysctl net.inet.ip.dummynet.expire to 1, and don't be
afraid to give net.inet.ip.fw.dyn_max a nice bump.


Regardless, this isn't how you deal with a DDoS...

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.44.0306300028250.78038-100000>