On 09:25-0400, May 30, 2003, Andrew Gallatin wrote: > > At my company, some bonehead (not sure if it was maliciousness or just > a stupid customer), opened 60 simultaneous connections to our ftp > server and totally swamped our T1. This is the second or third time > this has happened recently. > > So I'm looking for some way to limit the number of connections per-IP. > I understand this may be bad for sites behind NAT boxes, or for > multiuser systems, and I don't want to start a thread debating its > merits. > > I'd like to avoid downgrading to one of the swiss-army knife ftpds > that always seems to have a vulnerability in the headlines, but I > don't have time to hack FreeBSD ftpd myself. > > So: Does anybody have patches to allow FreeBSD's ftpd to limit > connections per IP? Or am I stuck with proftpd or wuftpd
a) run ftpd from inetd -s<number>, man inetd; b) ipfw2 limit src-addr, man ipfw. -- Maxim Konovalov, [EMAIL PROTECTED], [EMAIL PROTECTED] _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
