From owner-freebsd-questions@FreeBSD.ORG Sat Nov 24 15:38:08 2007
Date: Sat, 24 Nov 2007 10:37:40 -0500
From: Bill Moran <wmoran@potentialtech.com>
To: Zhang Weiwu
Cc: freebsd-questions@freebsd.org
Subject: Re: how to fight concurrent connection DOS attack to FreeBSD ftpd?
Message-Id: <20071124103740.952cc263.wmoran@potentialtech.com>
In-Reply-To: <47483686.3030400@realss.com>

Zhang Weiwu wrote:

> The behaviour is like this: after '#/etc/rc.d/ftpd start', the number of
> ftpd processes goes to several thousand. ps told me they are all accessed
> from the same user.
>
> I read the manual and found ftpd.conf(5) says /etc/ftpd.conf is the
> configuration file for ftpd(8). But creating /etc/ftpd.conf with "limit
> all 10" doesn't help (system behaviour is the same); it seems ftpd ignored
> the configuration file.
It appears as if you're starting ftpd, but that config file is for
lukemftpd. The documentation appears to be a mess.

> I worry if ftpd.conf is REALLY the configuration of ftpd, because
> ftpd.conf is not mentioned in the ftpd(8) manual page. Usually the
> configuration file of a daemon is always mentioned in the daemon's manual
> page.

I expect you're correct. lukemftpd seems to support the options you're
setting, but ftpd doesn't. On the other side, there doesn't seem to be an
rc script for lukemftpd.

> If ftpd.conf is not the right manual page to read, can you suggest which
> configuration manual to read to fight back this attack? Thanks in advance!

Probably copy /etc/rc.d/ftpd to /etc/rc.d/lukemftpd and edit it to adjust,
then set the appropriate settings in /etc/rc.conf to run lukemftpd instead
of ftpd.

"man lukemftpd" brings up a different man page than "man ftpd".

-- 
Bill Moran
http://www.potentialtech.com
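The poster diagnosed the flood by eyeballing ps output; the check below turns that into something scriptable. It is an added example, not code from this thread or from FreeBSD: a pair of POSIX sh functions that take `ps -axo user,pid,command` style output, count ftpd session processes per user, and report any user over a limit. The ps lines are constructed, not captured from the poster's machine, and the assumed process-title shape ("ftpd: user@host: STATE") is only an approximation of what ftpd sets via setproctitle; adjust the awk field test to match your ps output. Whatever this reports, the per-user cap itself still has to come from lukemftpd's ftpd.conf limit line, as the reply says; this script only tells you when you have hit the problem.

```shell
#!/bin/sh
# Added example: count ftpd session processes per user from ps-style output
# and flag users over a threshold. Not part of the original thread.

# Constructed sample of `ps -axo user,pid,command` output (assumed title format).
SAMPLE_PS='USER  PID COMMAND
root  101 /usr/libexec/ftpd -D
alice 202 ftpd: alice@203.0.113.5: IDLE (ftpd)
alice 203 ftpd: alice@203.0.113.5: IDLE (ftpd)
alice 204 ftpd: alice@203.0.113.5: IDLE (ftpd)
bob   205 ftpd: bob@198.51.100.9: RETR (ftpd)
root  300 /usr/sbin/sshd'

# ftpd_sessions_per_user PS_OUTPUT
# Prints "count user" per user for ftpd session processes only (the master
# daemon "/usr/libexec/ftpd -D" is excluded because its command field is a
# path, not "ftpd:"), highest count first.
ftpd_sessions_per_user() {
    printf '%s\n' "$1" |
        awk 'NR > 1 && $3 == "ftpd:" { n[$1]++ }
             END { for (u in n) print n[u], u }' |
        sort -rn
}

# ftpd_over_limit PS_OUTPUT LIMIT
# Prints each user with more than LIMIT sessions; exit status 0 if any were
# found, 1 otherwise, so it can be used directly in an if/cron check.
ftpd_over_limit() {
    ftpd_sessions_per_user "$1" |
        awk -v lim="$2" '$1 > lim { print $2; found = 1 }
                         END { exit !found }'
}

# Stand-alone usage against the constructed sample; on a real host replace
# "$SAMPLE_PS" with "$(ps -axo user,pid,command)".
if ftpd_over_limit "$SAMPLE_PS" 2; then
    echo "one or more users exceed 2 concurrent ftpd sessions"
fi
```

With `ps -axo user,pid,command` substituted for the sample, the same check run from cron every minute gives an early signal before the process table fills; the `limit` in ftpd.conf (once lukemftpd is the daemon actually being started) is what stops the sessions from being created in the first place.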