Date:      Thu, 4 Jan 2007 12:51:13 +0200
From:      Nikos Vassiliadis <nvass@teledomenet.gr>
To:        freebsd-questions@freebsd.org
Cc:        i18rabbit@cwazy.co.uk, freebsd-questions <questions@freebsd.org>
Subject:   Re: streaming/DOS
Message-ID:  <200701041251.14415.nvass@teledomenet.gr>
In-Reply-To: <200701031616.l03GGkAB025496@en26.ai1.anchorage.mtaonline.net>
References:  <200701031616.l03GGkAB025496@en26.ai1.anchorage.mtaonline.net>

On Wednesday 03 January 2007 18:16, i18rabbit@cwazy.co.uk wrote:
> i am interested in finding out the best
> ways to stop denial-of-service attacks
> on a live MP3 streaming server.  the
> information presented has created a
> large group of people that work
> together to overwhelm the server
> whenever the radio broadcast streams.
> what is the most effective way to set
> up an MP3 live streaming server to
> automatically detect/block these
> kind of DOS attacks?
> 
> i am not directly running the server,
> but it is possible that i may do so,
> and in the least, i do have an
> advisory capacity with the
> people that do (they are in
> the MS Windows world which
> i know nothing about), and
> i would be interested to know
> if FreeBSD has capabilities in
> this area that Windows servers
> do not.
> 
> things i thought of as possibilities
> were setting up a free registration
> which would force attackers to re-register
> every time they get banned - or some kind of
> bandwidth limiting thing that would disconnect
> IPs or 24-bit IP ranges if an IP downloaded
> too much too fast - i don't know all the
> possibilities, but it seems to me that
> it should be possible to recognize
> abusers and drop them from further
> HTTP connections. 
> 

You can use ipfw and/or dummynet. You might want to limit:
1) the number of connections per IP address and/or port
2) bandwidth per IP address and/or port
Read the manual, search for "limit", "pipe" & "mask":
http://www.freebsd.org/cgi/man.cgi?query=ipfw&apropos=0&sektion=0&manpath=FreeBSD+6.1-RELEASE&format=html

You can also use pf. You can limit the number of connections
from an IP address per time period. ALTQ can help you manage
the traffic, though I am not sure that it would be helpful in your
case. Sections "Turning away the brutes" & "Directing traffic
with ALTQ" are of interest.
http://www.bgnett.no/~peter/pf/en/

Decide which one fits your needs and ask the list for further
pointers/help. These suggestions can work transparently in
your network i.e. you don't have to change anything/much.
Just put a FreeBSD box in front of your streaming server.

Hope this helps, Nikos
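
The pf approach mentioned in the reply above, as an added example that is not part of the original message: a pf.conf fragment for a FreeBSD box in front of the streaming server that caps simultaneous connections and new-connection rate per source address and blocks sources that exceed either cap. The interface name, server address, port and limit values are assumptions chosen for illustration.

```conf
# pf.conf fragment (constructed example; all values below are placeholders)
ext_if      = "em0"          # assumed outside interface of the FreeBSD box
stream_srv  = "192.0.2.10"   # assumed streaming server address (documentation range)
stream_port = "8000"         # assumed TCP port of the MP3 stream

# Source addresses that exceeded the limits below.
# "persist" keeps the table in place even when it is empty.
table <abusers> persist

# Drop traffic from flagged sources before any pass rule is evaluated.
block in quick on $ext_if from <abusers>

# Admit listeners while tracking state per source address:
#   max-src-conn 4           at most 4 simultaneous connections per source
#   max-src-conn-rate 10/60  at most 10 new connections per 60 seconds per source
#   overload <abusers>       sources over either limit are added to the table
#   flush global             existing states from that source are removed as well
pass in on $ext_if proto tcp from any to $stream_srv port $stream_port \
    flags S/SA keep state \
    (max-src-conn 4, max-src-conn-rate 10/60, overload <abusers> flush global)
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -t abusers -T show` lists the addresses currently in the table.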


