From owner-freebsd-questions@FreeBSD.ORG Sat Nov 24 15:49:27 2007
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4ABF316A419 for ; Sat, 24 Nov 2007 15:49:27 +0000 (UTC) (envelope-from jbronson@sixcompanies.com)
Received: from cheyenne.hanadarko.com (75-9-98-151.lightspeed.milwwi.sbcglobal.net [75.9.98.151]) by mx1.freebsd.org (Postfix) with ESMTP id 366C413C46A for ; Sat, 24 Nov 2007 15:49:27 +0000 (UTC) (envelope-from jbronson@sixcompanies.com)
Date: Sat, 24 Nov 2007 09:29:56 -0600
To: Zhang Weiwu
From: JD Bronson
In-Reply-To: <47483686.3030400@realss.com>
References: <47483686.3030400@realss.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-Id: <20071124152956.49C20DA839@cheyenne.hanadarko.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: how to fight concurrent connection DOS attack to FreeBSD ftpd?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
X-List-Received-Date: Sat, 24 Nov 2007 15:49:27 -0000

At 10:34 PM 11/24/2007 +0800, Zhang Weiwu wrote:
>Dear all
>
>I run an ftp site which is being attacked by someone who issues some 1000
>concurrent connections for downloading as anonymous. How can I fight back?

How about controlling access via pf? You can limit the number of connections from the SAME IP and/or the number of connections from the SAME IP over a given time... Or just block the IP and be done with it?

We use this method for controlling attacks on SSH port 22, but it could also be used for any type of needed control.

The items of value under pf are:

max-src-conn
max-src-conn-rate
flush
flush global

hth
-JD
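As an added illustration of the pf options JD lists (this is not from the original post, nor JD's own ruleset): a pf.conf fragment that caps per-source connections to the FTP control port and moves offenders into a blocked table. The interface name em0, the server address 192.0.2.10 (documentation range), the table name ftp_abusers and the limits 10 / 15 per 30 seconds are all assumed placeholders; adjust them for the host in question.

```pf
# Added example, not from the list thread. Interface, address, table name
# and limits are hypothetical placeholders.
ext_if = "em0"
ftp_srv = "192.0.2.10"

# Table that pf fills with source addresses exceeding the limits below.
table <ftp_abusers> persist

# Anything already in the table is dropped before any other rule matches.
block in quick on $ext_if from <ftp_abusers>

# Anonymous FTP control channel (port 21):
#   max-src-conn 10        -> at most 10 simultaneous connections per source IP
#   max-src-conn-rate 15/30 -> no more than 15 new connections per 30 seconds
#   overload <ftp_abusers> -> a source that breaks either limit goes into the table
#   flush global           -> and all existing states from that source are torn down
pass in on $ext_if proto tcp from any to $ftp_srv port 21 \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 15/30, \
     overload <ftp_abusers> flush global)
```

Two caveats worth knowing before relying on this. First, the limits apply to the control connection only; passive-mode data connections use a separate port range, so each transfer does not count as an extra "connection" here, which is usually what you want. Second, addresses added by `overload` stay in the table until removed, so either inspect it periodically with `pfctl -t ftp_abusers -T show` or expire old entries from cron, for example `pfctl -t ftp_abusers -T expire 86400` to drop entries older than a day.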