From: Andrew Gallatin
Date: Fri, 30 May 2003 09:25:31 -0400 (EDT)
To: freebsd-net@freebsd.org
Subject: limiting connections per IP w/FreeBSD ftpd?
Message-ID: <16087.23499.422415.378026@grasshopper.cs.duke.edu>
List-Id: Networking and TCP/IP with FreeBSD

At my company, some bonehead (not sure if it was maliciousness or just a stupid customer), opened 60 simultaneous connections to our ftp server and totally swamped our T1. This is the second or third time this has happened recently.

So I'm looking for some way to limit the number of connections per-IP. I understand this may be bad for sites behind NAT boxes, or for multiuser systems, and I don't want to start a thread debating its merits.

I'd like to avoid downgrading to one of the swiss-army knife ftpds that always seems to have a vulnerability in the headlines, but I don't have time to hack FreeBSD ftpd myself.

So: Does anybody have patches to allow FreeBSD's ftpd to limit connections per IP? Or am I stuck with proftpd or wuftpd?

Thanks,

Drew