From owner-freebsd-questions@FreeBSD.ORG Wed Jan 3 16:23:43 2007 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9E96E16A4A0 for ; Wed, 3 Jan 2007 16:23:43 +0000 (UTC) (envelope-from i18rabbit@cwazy.co.uk) Received: from ai1.anchorage.mtaonline.net (ai1.anchorage.mtaonline.net [12.21.201.252]) by mx1.freebsd.org (Postfix) with ESMTP id CCAB413C471 for ; Wed, 3 Jan 2007 16:23:38 +0000 (UTC) (envelope-from i18rabbit@cwazy.co.uk) Received: from en26.ai1.anchorage.mtaonline.net (root@en26 [192.168.0.26]) by ai1.anchorage.mtaonline.net (8.13.1/8.13.1) with ESMTP id l03GWIHL036375 for ; Wed, 3 Jan 2007 07:32:18 -0900 (AKST) (envelope-from i18rabbit@cwazy.co.uk) Received: (from abc@localhost) by en26.ai1.anchorage.mtaonline.net (8.13.1/8.13.1) id l03GGkAB025496; Wed, 3 Jan 2007 16:16:46 GMT (envelope-from i18rabbit@cwazy.co.uk) Date: Wed, 3 Jan 2007 16:16:46 GMT From: i18rabbit@cwazy.co.uk Message-Id: <200701031616.l03GGkAB025496@en26.ai1.anchorage.mtaonline.net> X-Authentication-Warning: en26.ai1.anchorage.mtaonline.net: abc set sender to i18rabbit@cwazy.co.uk using -f To: "freebsd-questions" X-Mailer: Umail v2.9.7 Cc: Subject: streaming/DOS X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Jan 2007 16:23:43 -0000 i am interested in finding out the best ways to stop denial-of-service attacks on a live MP3 streaming server. the information presented has created a large group of people that work together to overwhelm the server whenever the radio broadcast streams. what is the most effective way to set up an MP3 live streaming server to automatically detect/block these kind of DOS attacks? i am not directly running the server, but it is possible that i may do so, and in the least, i do have an advisory capacity with the people that do (they are in the MS Windows world which i know nothing about), and i would be interested to know if FreeBSD has capabilities in this area that Windows servers do not. things i thought of as possibilities were setting up a free registration which would force attackers to re-register everytime they get banned - or some kind of bandwidth limiting thing that would disconnect IP's or 24-bit IP ranges if an IP downloaded too much too fast - i don't know all the possibilities, but it seems to me that it should be possible to recognize abusers and drop them from further HTTP connections. any ideas would be greatly appreciated, please ditto a copy of any replies off-list - thanks.