Date: Sat, 24 Nov 2007 23:38:26 +0800
From: "Quan Qiu" <jackqq@gmail.com>
To: "Zhang Weiwu" <zhangweiwu@realss.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: how to fight concurrent connection DOS attack to FreeBSD ftpd?
Message-ID: <53a565700711240738n1cecd432td03a9e00aa689d13@mail.gmail.com>
In-Reply-To: <47483686.3030400@realss.com>
References: <47483686.3030400@realss.com>
On Nov 24, 2007 10:34 PM, Zhang Weiwu <zhangweiwu@realss.com> wrote:
> I run an ftp site which is being attacked by someone who issues some 1000
> concurrent connections for downloading as anonymous. How can I fight back?
>
> If ftpd.conf is not the right manual page to read, can you suggest which
> configuration manual to read to fight back against this attack? Thanks in advance!
>
Try wrapping your ftpd using inetd. There are some limits to max child
processes and max connections per ip in inetd.conf(5). An example for
vsftpd:
ftp stream tcp nowait/50/10 root /usr/local/libexec/vsftpd vsftpd
Refer to the inetd.conf(5) manpage for more.
--
裘佺 (QIU Quan) <jackqq@gmail.com>
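
The wait field the reply refers to, parsed in an added example that is not part of the original message. FreeBSD's inetd.conf(5) gives its layout as {wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]], so nowait/50/10 sets the first two limits and leaves the per-IP child limit unset. The sample lines and the function names are constructed for illustration.

```python
"""Added example: audit the wait/nowait field of FreeBSD inetd.conf entries."""

# Layout from inetd.conf(5):
#   {wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]
LIMIT_NAMES = ("max_child", "max_conn_per_ip_per_minute", "max_child_per_ip")

# Constructed sample input (not from a real host).
SAMPLE = """\
# constructed sample inetd.conf
ftp  stream  tcp   nowait/50/10  root  /usr/local/libexec/vsftpd  vsftpd
ftp  stream  tcp6  nowait        root  /usr/libexec/ftpd          ftpd -l
daytime  dgram  udp  wait        root  internal
"""


def parse_wait_field(field):
    """Split e.g. 'nowait/50/10' into ('nowait', {limit_name: int or None})."""
    mode, *nums = field.split("/")
    if mode not in ("wait", "nowait") or len(nums) > len(LIMIT_NAMES):
        raise ValueError(f"bad wait field: {field!r}")
    limits = dict.fromkeys(LIMIT_NAMES)  # None = not set in the file
    for name, value in zip(LIMIT_NAMES, nums):
        limits[name] = int(value)  # ValueError on non-numeric input
    return mode, limits


def audit(text):
    """Return (lineno, service, proto, unset_limits) for nowait TCP services."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            continue  # not a complete service entry
        service, _socktype, proto, wait_field = fields[:4]
        mode, limits = parse_wait_field(wait_field)
        if mode != "nowait" or not proto.startswith("tcp"):
            continue  # only services where inetd forks one child per connection
        unset = [n for n in LIMIT_NAMES if limits[n] is None]
        if unset:
            findings.append((lineno, service, proto, unset))
    return findings


if __name__ == "__main__":
    for lineno, service, proto, unset in audit(SAMPLE):
        print(f"line {lineno}: {service}/{proto} has no {', '.join(unset)}")
```

Limits left unset in the file may still be covered by defaults given on the inetd command line, which this check does not read.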
