Date: Sat, 24 Nov 2007 22:34:46 +0800 From: Zhang Weiwu <zhangweiwu@realss.com> To: freebsd-questions@freebsd.org Subject: how to fight concurrent connection DOS attack to FreeBSD ftpd? Message-ID: <47483686.3030400@realss.com>
next in thread | raw e-mail | index | archive | help
Dear all I run a ftp site which is being attacked by someone who issue some 1000 concurrent connection for downloading as anonymous. How can I fight back? The behaviour is like this: after '#/etc/rc.d/ftpd start', the number of ftpd process goes to several thousands. ps told me they are all accessed from the same user. I read the manual and found ftpd.conf(5) says /etc/ftpd.conf is the configuration file for ftpd(8). But creating /etc/ftpd.conf with "limit all 10" doesn't help (system behaviour the same), seems ftpd ignored the configuration file. I worry if ftpd.conf is REALLY the configuration of ftpd? because ftpd.conf is not mentioned in ftpd(8) manual page. Usually the configuration file of a daemon is always mentioned in the daemon manual page. If ftpd.conf is not the right manual page to read, can you suggest which configuration manual to read to fight back this attack? Thanks in advance! Here is the diagnostic output after ftpd started 3 seconds: [root@exupery /home/zhangweiwu]# ps ax | grep ftpd 2028 ?? Ss 0:00.06 /usr/libexec/ftpd -D -l8 2035 ?? D 0:01.63 ftpd: 222.16.60.67: anonymous/IEUser@: RETR 18_æ\M^]\M^Næ\M^V¯ç\M^I¹_浪漫æ¨ 2043 ?? S 0:00.03 ftpd: 222.16.60.67: anonymous/IEUser@: QUIT \r\n (ftpd) 2044 ?? S 0:00.03 ftpd: 222.16.60.67: anonymous/IEUser@: QUIT \r\n (ftpd) 2045 ?? S 0:00.03 ftpd: 222.16.60.67: anonymous/IEUser@: QUIT \r\n (ftpd) 2048 ?? S 0:00.03 ftpd: 222.16.60.67: anonymous/IEUser@: QUIT \r\n (ftpd) 2049 ?? S 0:00.03 ftpd: 222.16.60.67: anonymous/IEUser@: QUIT \r\n (ftpd) 2050 ?? S 0:00.03 ftpd: 222.16.60.67: anonymous/IEUser@: QUIT \r\n (ftpd) 2051 ?? S 0:00.03 ftpd: 222.16.60.67: anonymous/IEUser@: QUIT \r\n (ftpd) 2052 ?? S 0:00.03 ftpd: 222.16.60.67: anonymous/IEUser@: QUIT \r\n (ftpd) 2053 ?? S 0:00.03 ftpd: 222.16.60.67: anonymous/IEUser@: QUIT \r\n (ftpd) 2055 ?? S 0:00.03 ftpd: 222.16.60.67: anonymous/IEUser@: QUIT \r\n (ftpd) 2057 ?? S 0:00.03 ftpd: 222.16.60.67: anonymous/IEUser@: QUIT \r\n (ftpd) 2059 ?? S 0:00.03 ftpd: 222.16.60.67: anonymous/IEUser@: QUIT \r\n (ftpd) 2063 ?? S 0:00.03 ftpd: 222.16.60.67: anonymous/IEUser@: QUIT \r\n (ftpd) 2065 ?? S 0:00.03 ftpd: 222.16.60.67: anonymous/IEUser@: QUIT \r\n (ftpd) 2069 ?? S 0:00.03 ftpd: 222.16.60.67: anonymous/IEUser@: QUIT \r\n (ftpd) 2070 ?? S 0:00.04 ftpd: 222.16.60.67: anonymous/IEUser@: QUIT \r\n (ftpd) 2071 ?? S 0:00.03 ftpd: 222.16.60.67: anonymous/IEUser@: QUIT \r\n (ftpd) 2072 ?? S 0:00.04 ftpd: 222.16.60.67: anonymous/IEUser@: QUIT \r\n (ftpd) 2074 ?? S 0:00.04 ftpd: 222.16.60.67: anonymous/IEUser@: QUIT \r\n (ftpd) 2077 ?? S 0:00.03 ftpd: 222.16.60.67: anonymous/IEUser@: QUIT \r\n (ftpd) 2080 ?? S 0:00.03 ftpd: 222.16.60.67: anonymous/IEUser@: RETR 18_æ\M^]\M^Næ\M^V¯ç\M^I¹_浪漫æ¨ 2081 ?? R 0:00.03 ftpd: 222.16.60.67: anonymous/IEUser@: RETR 18_æ\M^]\M^Næ\M^V¯ç\M^I¹_浪漫æ¨ 2084 ?? R 0:00.03 ftpd: 222.16.60.67: anonymous/IEUser@: RETR 18_æ\M^]\M^Næ\M^V¯ç\M^I¹_浪漫æ¨ -- Real Softservice Huateng Tower, Unit 1788 Jia 302 3rd area of Jinsong, Chao Yang Tel: +86 (10) 8773 0650 ext 603 Mobile: 135 9950 2413 http://www.realss.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47483686.3030400>