Date:      Mon, 30 Jun 2003 00:37:41 -0400 (EDT)
From:      Andy Dills <>
To:        "Allan Jude - Administrator" <>
Subject:   RE: Shell Provider - DDoS Attacks - IPFW Ratelimiting
Message-ID:  <>

On Sun, 29 Jun 2003, Allan Jude - Administrator wrote:

> Using such 'limit src' firewall rules will not help you, my shell server
> quickly overran the maximum number of dynamic rules, even increasing the
> limit didn't make this plausible because there are thousands of concurrent
> connections at any one time. If your traffic is small enough, it might
> be useful, but if you are using 10mb or 100mb, it will easily blow your
> firewall away

Well, if you limit by individual IP, sure.

Don't use a full mask; try something like 0xffff0000, so that it's
limited per /16.

Don't forget to sysctl net.inet.ip.dummynet.expire to 1, and don't be
afraid to give net.inet.ip.fw.dyn_max a nice bump.

Regardless, this isn't how you deal with a DDoS...


Andy Dills
Xecunet, Inc.
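A worked illustration of the mask advice in the message above, added here as an example (it is not part of Andy's message or of the ipfw sources): a sh script that applies a dummynet-style source mask to a constructed set of source addresses and counts how many distinct flow keys, and therefore per-flow queues, survive under a full mask versus 0xffff0000, then prints the ipfw/dummynet and sysctl lines the advice maps to. The interface name fxp0, the pipe number, the bandwidth and the dyn_max value are assumptions for illustration, and the ipfw lines are emitted as text to review on the FreeBSD box rather than executed here.

```shell
#!/bin/sh
# Added example, not from the original message. Demonstrates what
# "mask src-ip 0xffff0000" does to dummynet's flow key compared with a
# full 0xffffffff mask, using a constructed list of source addresses.

# ip_to_int DOTTED -> unsigned 32-bit integer value of the address
ip_to_int() {
    set -- $(echo "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip INTEGER -> dotted quad
int_to_ip() {
    n=$1
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# mask_ip DOTTED MASK -> the flow key dummynet would derive for that source
# under "mask src-ip MASK": 0xffffffff keys per host, 0xffff0000 keys per /16
mask_ip() {
    int_to_ip $(( $(ip_to_int "$1") & $2 ))
}

# Constructed sample traffic: six sources, several sharing a /16.
SAMPLE_SRCS="10.1.2.3
10.1.200.7
10.1.9.9
192.0.2.10
192.0.2.11
198.51.100.5"

# count_flow_keys MASK -> number of distinct queues dummynet would create
# for the sample sources under that mask
count_flow_keys() {
    for ip in $SAMPLE_SRCS; do mask_ip "$ip" "$1"; done | sort -u | wc -l | tr -d ' '
}

# print_ruleset MASK -> the ipfw/dummynet and sysctl lines the advice maps
# to, as text. Interface (fxp0), pipe number, bandwidth and the dyn_max
# value are assumptions; apply them on the FreeBSD host, not here.
print_ruleset() {
    mask=$1
    cat <<EOF
# one dummynet queue per masked source address; 0xffffffff would be per host
ipfw pipe 1 config bw 2Mbit/s mask src-ip $mask
ipfw add 1000 pipe 1 ip from any to any in via fxp0
# expire idle queues, and raise the dynamic-rule ceiling used by limit/keep-state
sysctl net.inet.ip.dummynet.expire=1
sysctl net.inet.ip.fw.dyn_max=16384
EOF
}

main() {
    echo "distinct queues, full mask 0xffffffff (per host): $(count_flow_keys 0xffffffff)"
    echo "distinct queues, mask 0xffff0000 (per /16):      $(count_flow_keys 0xffff0000)"
    echo
    print_ruleset 0xffff0000
}

main "$@"
```

On the six constructed sources the full mask yields six queues and 0xffff0000 yields three, which is the whole point of the advice: the number of dummynet queues is bounded by the number of masked keys seen, not by the number of hosts. Note that ipfw's `limit` keyword takes no mask, so the /16 grouping has to be done on a dummynet pipe or queue with `mask src-ip`; `net.inet.ip.fw.dyn_max` still caps the `limit`/`keep-state` entries separately.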
