From owner-freebsd-net@FreeBSD.ORG  Fri May 30 06:38:33 2003
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D27AC37B401
	for <freebsd-net@freebsd.org>; Fri, 30 May 2003 06:38:32 -0700 (PDT)
Received: from relay.macomnet.ru (relay.macomnet.ru [195.128.64.10])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7FF5843FE0
	for <freebsd-net@freebsd.org>; Fri, 30 May 2003 06:38:31 -0700 (PDT)
	(envelope-from maxim@macomnet.ru)
Received: from news1.macomnet.ru (news1.macomnet.ru [195.128.64.14])
	by relay.macomnet.ru (8.11.6/8.11.6) with ESMTP id h4UDcLb6173836;
	Fri, 30 May 2003 17:38:21 +0400 (MSD)
Date: Fri, 30 May 2003 17:38:21 +0400 (MSD)
From: Maxim Konovalov <maxim@macomnet.ru>
To: Andrew Gallatin <gallatin@cs.duke.edu>
In-Reply-To: <16087.23499.422415.378026@grasshopper.cs.duke.edu>
Message-ID: <20030530173609.L69032@news1.macomnet.ru>
References: <16087.23499.422415.378026@grasshopper.cs.duke.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-net@freebsd.org
Subject: Re: limiting connections per IP w/FreeBSD ftpd?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 30 May 2003 13:38:33 -0000

On 09:25-0400, May 30, 2003, Andrew Gallatin wrote:

>
> At my company, some bonehead (not sure if it was maliciousness or just
> a stupid customer), opened 60 simultaneous connections to our ftp
> server and totally swamped our T1.    This is the second or third time
> this has happened recently.
>
> So I'm looking for some way to limit the number of connections per-IP.
> I understand this may be bad for sites behind NAT boxes, or for
> multiuser systems, and I don't want to start a thread debating its
> merits.
>
> I'd like to avoid downgrading to one of the swiss-army knife ftpds
> that always seems to have a vulnerability in the headlines, but I
> don't have time to hack FreeBSD ftpd myself.
>
> So: Does anybody have patches to allow FreeBSD's ftpd to limit
> connections per IP?  Or am I stuck with proftpd or wuftpd

a) run ftpd from inetd -s<number>, man inetd;

b) ipfw2 limit src-addr, man ipfw.

-- 
Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org