From owner-freebsd-questions@FreeBSD.ORG Thu Jan 4 11:03:20 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4F13C16A407; Thu, 4 Jan 2007 11:03:20 +0000 (UTC) (envelope-from nvass@teledomenet.gr) Received: from arwen.teledomenet.gr (arwen.teledomenet.gr [213.142.128.58]) by mx1.freebsd.org (Postfix) with ESMTP id CF21313C45B; Thu, 4 Jan 2007 11:03:19 +0000 (UTC) (envelope-from nvass@teledomenet.gr) Received: from iris ([192.168.1.71]) by arwen.teledomenet.gr (8.12.10/8.12.10) with ESMTP id l04AnRm1014103; Thu, 4 Jan 2007 12:49:27 +0200 From: Nikos Vassiliadis To: freebsd-questions@freebsd.org Date: Thu, 4 Jan 2007 12:51:13 +0200 User-Agent: KMail/1.9.1 References: <200701031616.l03GGkAB025496@en26.ai1.anchorage.mtaonline.net> In-Reply-To: <200701031616.l03GGkAB025496@en26.ai1.anchorage.mtaonline.net> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-7" Content-Transfer-Encoding: 7bit Message-Id: <200701041251.14415.nvass@teledomenet.gr> Cc: i18rabbit@cwazy.co.uk, freebsd-questions Subject: Re: streaming/DOS X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Jan 2007 11:03:20 -0000 On Wednesday 03 January 2007 18:16, i18rabbit@cwazy.co.uk wrote: > i am interested in finding out the best > ways to stop denial-of-service attacks > on a live MP3 streaming server. the > information presented has created a > large group of people that work > together to overwhelm the server > whenever the radio broadcast streams. > what is the most effective way to set > up an MP3 live streaming server to > automatically detect/block these > kind of DOS attacks? > > i am not directly running the server, > but it is possible that i may do so, > and in the least, i do have an > advisory capacity with the > people that do (they are in > the MS Windows world which > i know nothing about), and > i would be interested to know > if FreeBSD has capabilities in > this area that Windows servers > do not. > > things i thought of as possibilities > were setting up a free registration > which would force attackers to re-register > everytime they get banned - or some kind of > bandwidth limiting thing that would disconnect > IP's or 24-bit IP ranges if an IP downloaded > too much too fast - i don't know all the > possibilities, but it seems to me that > it should be possible to recognize > abusers and drop them from further > HTTP connections. > You can use ipfw and/or dummynet. You might want to limit: 1) the number of connections per IP address and/or port 2) bandwidth per IP address and/or port read the manual, search for "limit", "pipe" & "mask" http://www.freebsd.org/cgi/man.cgi?query=ipfw&apropos=0&sektion=0&manpath=FreeBSD+6.1-RELEASE&format=html You can also use pf. You can limit the number of connections from an IP address per time period. ALTQ can help you manage the traffic, though I am not sure that it would be helpful in your case. Sections "Turning away the brutes" & "Directing traffic with ALTQ" are of interest. http://www.bgnett.no/~peter/pf/en/ Decide which one fits your needs and ask the list for further pointers/help. These suggestions can work transparently in your network i.e. you don't have to change anything/much. Just put a FreeBSD box in front of your streaming server. Hope this helps, Nikos