Date: Mon, 30 Jun 2003 00:37:41 -0400 (EDT)
From: Andy Dills <andy@xecu.net>
To: "Allan Jude - ShellFusion.net Administrator" <dukemaster@shellfusion.net>
Cc: freebsd@psyxakias.com
Subject: RE: Shell Provider - DDoS Attacks - IPFW Ratelimiting
Message-ID: <Pine.BSF.4.44.0306300028250.78038-100000@thunder.xecu.net>
In-Reply-To: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA4RatOouMvEOzXXL4aXw9/cKAAAAQAAAA3vNgIV2eRU6CkFFWyc%2B0xAEAAAAA@shellfusion.net>
On Sun, 29 Jun 2003, Allan Jude - ShellFusion.net Administrator wrote:

> Using such 'limit src' firewall rules will not help you; my shell server
> quickly overran the maximum number of dynamic rules, and even increasing the
> limit didn't make this plausible because there are 1000's of concurrent
> connections at any one time. If your traffic is small enough, it might
> be useful, but if you are using 10mb, or 100mb, it will easily blow your
> firewall away.

Well, if you limit by individual IP, sure. Don't use a full mask; try
something like 0xffff0000, so that it's limited per /16.

Don't forget to sysctl net.inet.ip.dummynet.expire to 1, and don't be
afraid to give net.inet.ip.fw.dyn_max a nice bump.

Regardless, this isn't how you deal with a DDoS...

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---
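The per-/16 approach Andy describes, written out as an added example (not code from either poster): an ipfw dummynet pipe keyed by `mask src-ip 0xffff0000` so every host in a /16 shares one rate cap, plus the two sysctls he names. The bandwidth, rule numbers and dyn_max value are assumed placeholders; by default the script only prints the commands, so it runs anywhere, and setting IPFW and SYSCTL to the real binaries applies them.

```shell
#!/bin/sh
# Added example, not from the thread. Default to printing the commands;
# export IPFW=ipfw SYSCTL=sysctl on a FreeBSD box to apply them.
IPFW=${IPFW:-echo ipfw}
SYSCTL=${SYSCTL:-echo sysctl}

# Turn a prefix length into the hex mask ipfw's "mask src-ip" takes.
# 16 -> 0xffff0000 (per /16, as in the thread); 32 -> 0xffffffff (per host).
prefix_to_mask() {
    bits=$1
    if [ "$bits" -eq 0 ]; then printf '0x00000000\n'; return; fi
    printf '0x%08x\n' $(( (0xffffffff << (32 - bits)) & 0xffffffff ))
}

# $1 = prefix length, $2 = pipe bandwidth (ipfw syntax), $3 = dyn_max value.
ratelimit_rules() {
    mask=$(prefix_to_mask "$1")
    # One dummynet queue per source block selected by the mask: a flooding
    # host competes with its whole /16 for the cap instead of each address
    # getting its own state entry, which is what exhausted Allan's rule table.
    $IPFW pipe 1 config bw "$2" queue 50 mask src-ip "$mask"
    # Only new inbound TCP connections (SYN) go through the pipe; traffic on
    # already-established connections is passed without throttling.
    $IPFW add 1000 pipe 1 tcp from any to me setup in
    $IPFW add 1010 allow tcp from any to me established
    # Expire idle dummynet state promptly and raise the dynamic-rule ceiling
    # (16384 is an assumed value; size it to your connection count).
    $SYSCTL net.inet.ip.dummynet.expire=1
    $SYSCTL net.inet.ip.fw.dyn_max="$3"
}

ratelimit_rules 16 256Kbit/s 16384
```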