Date: Fri, 30 May 2003 17:38:21 +0400 (MSD)
From: Maxim Konovalov <maxim@macomnet.ru>
To: Andrew Gallatin <gallatin@cs.duke.edu>
Cc: freebsd-net@freebsd.org
Subject: Re: limiting connections per IP w/FreeBSD ftpd?
Message-ID: <20030530173609.L69032@news1.macomnet.ru>
In-Reply-To: <16087.23499.422415.378026@grasshopper.cs.duke.edu>
References: <16087.23499.422415.378026@grasshopper.cs.duke.edu>

On 09:25-0400, May 30, 2003, Andrew Gallatin wrote:

>
> At my company, some bonehead (not sure if it was maliciousness or just
> a stupid customer), opened 60 simultaneous connections to our ftp
> server and totally swamped our T1. This is the second or third time
> this has happened recently.
>
> So I'm looking for some way to limit the number of connections per-IP.
> I understand this may be bad for sites behind NAT boxes, or for
> multiuser systems, and I don't want to start a thread debating its
> merits.
>
> I'd like to avoid downgrading to one of the swiss-army knife ftpds
> that always seems to have a vulnerability in the headlines, but I
> don't have time to hack FreeBSD ftpd myself.
>
> So: Does anybody have patches to allow FreeBSD's ftpd to limit
> connections per IP? Or am I stuck with proftpd or wuftpd

a) run ftpd from inetd -s<number>, man inetd;

b) ipfw2 limit src-addr, man ipfw.

-- 
Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org
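
The two options from the reply above, written out as configuration. This is an added example, not part of the original message; the limit of 4, the rule number 1000 and the other inetd flags shown are assumed values to adapt to the site.

```conf
# --- Option a) /etc/rc.conf: run ftpd from inetd with a per-IP cap ---
# inetd -s <number> sets the default maximum number of simultaneous
# invocations of each service from a single IP address. It applies to
# every service inetd starts, and only helps if ftpd is started from
# inetd.conf rather than run as a standalone daemon.
inetd_enable="YES"
inetd_flags="-wW -s 4"        # 4 is an assumed value

# --- Option b) ipfw2 rule, entered as a command or from the rules script ---
# "limit src-addr N" creates dynamic state and allows at most N
# concurrent connections per source address that match this rule.
# Port 21 is the FTP control channel, so this caps sessions per client;
# FTP data connections use other ports and are not counted by this rule.
# The rule number has to place it before any broader rule that would
# accept the same SYN packets.
ipfw add 1000 allow tcp from any to me 21 setup limit src-addr 4
```

With option b), `ipfw -d show` lists the dynamic entries, which makes it possible to check how many connections a given source address currently holds.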