Date: Thu, 4 Jan 2007 12:51:13 +0200
From: Nikos Vassiliadis <nvass@teledomenet.gr>
To: freebsd-questions@freebsd.org
Cc: i18rabbit@cwazy.co.uk, freebsd-questions <questions@freebsd.org>
Subject: Re: streaming/DOS
Message-ID: <200701041251.14415.nvass@teledomenet.gr>
In-Reply-To: <200701031616.l03GGkAB025496@en26.ai1.anchorage.mtaonline.net>
References: <200701031616.l03GGkAB025496@en26.ai1.anchorage.mtaonline.net>
On Wednesday 03 January 2007 18:16, i18rabbit@cwazy.co.uk wrote:
> i am interested in finding out the best ways to stop denial-of-service attacks
> on a live MP3 streaming server. the information presented has created a large
> group of people that work together to overwhelm the server whenever the radio
> broadcast streams. what is the most effective way to set up an MP3 live
> streaming server to automatically detect/block these kind of DOS attacks?
>
> i am not directly running the server, but it is possible that i may do so,
> and in the least, i do have an advisory capacity with the people that do
> (they are in the MS Windows world which i know nothing about), and i would be
> interested to know if FreeBSD has capabilities in this area that Windows
> servers do not.
>
> things i thought of as possibilities were setting up a free registration
> which would force attackers to re-register every time they get banned - or
> some kind of bandwidth limiting thing that would disconnect IP's or 24-bit IP
> ranges if an IP downloaded too much too fast - i don't know all the
> possibilities, but it seems to me that it should be possible to recognize
> abusers and drop them from further HTTP connections.

You can use ipfw and/or dummynet. You might want to limit:
1) the number of connections per IP address and/or port
2) bandwidth per IP address and/or port

Read the manual, search for "limit", "pipe" & "mask":
http://www.freebsd.org/cgi/man.cgi?query=ipfw&apropos=0&sektion=0&manpath=FreeBSD+6.1-RELEASE&format=html

You can also use pf. You can limit the number of connections from an IP
address per time period. ALTQ can help you manage the traffic, though I am not
sure that it would be helpful in your case. Sections "Turning away the brutes"
& "Directing traffic with ALTQ" are of interest:
http://www.bgnett.no/~peter/pf/en/

Decide which one fits your needs and ask the list for further pointers/help.

These suggestions can work transparently in your network, i.e. you don't have
to change anything/much. Just put a FreeBSD box in front of your streaming
server.

Hope this helps,
Nikos
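The two ipfw/dummynet limits suggested in the reply, written out as a rule set. This is an added example, not code from the message or from the FreeBSD project: it assumes a streaming server at 192.0.2.10 (a constructed TEST-NET-1 address) on port 8000, at most 5 concurrent connections and 256 Kbit/s of stream traffic per client address, and a FreeBSD box (the server itself, or the box placed in front of it) whose kernel has the IPFIREWALL and DUMMYNET options. The script prints the rules by default and only loads them into the kernel when run with `apply` on a host that has ipfw, so it can be reviewed anywhere. The `prefix_mask` helper goes beyond the reply and covers the asker's "24-bit IP ranges": `PREFIX=24` makes the dummynet pipe account per /24 instead of per host.

```shell
#!/bin/sh
# Added example (not from the original mailing-list message): ipfw + dummynet
# rules limiting (1) concurrent connections per client address and (2) outbound
# stream bandwidth per client address, as suggested in the reply.
# All values below are assumptions for illustration.

SERVER="${SERVER:-192.0.2.10}"   # streaming server address (constructed, TEST-NET-1)
PORT="${PORT:-8000}"             # stream port (assumed)
MAX_CONN="${MAX_CONN:-5}"        # concurrent connections allowed per client IP
RATE="${RATE:-256Kbit/s}"        # bandwidth allowed per pipe flow
PREFIX="${PREFIX:-32}"           # 32 = one pipe flow per host, 24 = one per /24

# Dummynet flow mask for "one flow per /N": 32 -> 0xffffffff, 24 -> 0xffffff00.
# Fails (return 1) for anything outside 0..32.
prefix_mask() {
    [ "$1" -ge 0 ] 2>/dev/null && [ "$1" -le 32 ] || return 1
    printf '0x%08x\n' $(( (0xffffffff << (32 - $1)) & 0xffffffff ))
}

# Emit the rule set, one ipfw command per line. Generation is kept separate
# from application so the rules can be inspected on any host.
# Ordering matters: with net.inet.ip.fw.one_pass=1 (the default) a packet that
# went through a pipe is accepted right away, so the pipe rule (100) must come
# before check-state (200); otherwise the dynamic rule created by 300 would
# accept the outbound stream packets before they are ever shaped.
stream_rules() {
    mask=$(prefix_mask "$PREFIX") || return 1
    cat <<EOF
pipe 1 config bw $RATE mask dst-ip $mask
add 100 pipe 1 tcp from $SERVER $PORT to any out
add 200 check-state
add 300 allow tcp from any to $SERVER $PORT in setup limit src-addr $MAX_CONN
add 400 deny tcp from any to $SERVER $PORT in
add 65000 allow ip from any to any
EOF
}
# Rule 300 keeps one dynamic rule per connection and drops the SYN that would
# exceed MAX_CONN from the same source. Rule 400 refuses anything else aimed at
# the stream port that has no state. Rule 65000 keeps the box transparent for
# all other traffic; tighten it if this is the server itself.

# Load the rules into the kernel. Only meaningful on a FreeBSD host with ipfw;
# returns 1 without touching anything elsewhere. Flushing assumes the box has
# no other rules worth keeping.
apply_rules() {
    command -v ipfw >/dev/null 2>&1 || return 1
    ipfw -q flush
    ipfw -q pipe flush
    stream_rules | while read -r line; do
        # word splitting is intended: each word is one ipfw argument
        # shellcheck disable=SC2086
        ipfw -q $line
    done
}

case "${1:-show}" in
    show)  stream_rules ;;
    apply) apply_rules || echo "ipfw not available on this host; nothing applied" >&2 ;;
    *)     echo "usage: $0 [show|apply]" >&2 ;;
esac
```

Two caveats a practitioner would want: `limit src-addr` and the per-host pipe mask both key on the source address, so many viewers behind one NAT gateway share a single budget, and every tracked connection consumes a dynamic rule slot (see `net.inet.ip.fw.dyn_max` in the ipfw manual). The pf route Nikos mentions achieves the connection-rate part with `max-src-conn-rate` and an overload table, which the linked guide covers under "Turning away the brutes".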
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701041251.14415.nvass>