Re: Under Attack: Bandwidth throttling on 5.2.1?

2006-09-14 Thread Panagiotis

Chris wrote:


This is probably going to tax the memory. I'm sorry in advance.

We observed 2 hangs and 3 crashes in the last 5 hours and finally
after looking at the nature of the traffic, it appears to be little
infested Windows spybots from all over targeting our forums to
attempt to reply to all messages with gambling and other spam. The
referer in every case is a few obvious spam sites. We measured 33
pages per second and all invoking Perl (well, you can imagine the load).
It's killed the system in several ways I've never even seen. We
shut down on purpose for the first time in years, which is pretty bad
for business. I'm readying the quad Opteron Tyan to take down and
shove in its place since the T1 can't swamp it, but still building.
The machine is a dual 3.0 Xeon with 4G and Intel 1000/Pro on 5.2.1
with IPFW enabled. If I can configure throttling on this old a
system, we could come back up I think and try to ride out the attack.
I've never done this before but in an earlier thread I saw where you
configure a pipe such as:


ipfw pipe 1 config bw 256Kbit/s
ipfw add pipe 1 tcp from 192.168.1.2 80

then set sysctl.conf
net.inet.ip.fw.one_pass=1

Is that all that's necessary for this old a system or is there
anything else? If this is correct, would this keep this fellow from
crashing?


To use traffic shaping with IPFW you have to compile the kernel with the 
following options:


options DUMMYNET
options HZ=1000

then you can add some lines like these to make your bandwidth limit work:

#first flush all the previous pipes
ipfw -q -f pipe flush

ipfw pipe 1 config bw 256Kbit/s
ipfw add pipe 1 tcp from any to any

Usually we use two pipes, one for download and one for upload, so you can
try something like this:



#first flush all the previous pipes
ipfw -q -f pipe flush

#upload bandwidth+download bandwidth=total bandwidth
#pipe for upload
ipfw pipe 1 config bw 128Kbit/s
#pipe for download
ipfw pipe 2 config bw 256Kbit/s

server_port=20,21,80,443,995,...,etc
internal_network=192.168.0.0

#config upload
ipfw add pipe 1 tcp from $internal_network to any $server_port
#config download
ipfw add pipe 2 tcp from any $server_port to $internal_network

The variables server_port and internal_network are examples of 
course... :-)
If you are running natd on your machine then you have to put the rules AFTER
the divert natd rule, like these:

ipfw add pipe 1 tcp from {external_ip} to any $server_port
ipfw add pipe 2 tcp from any $server_port to $internal_network

The net.inet.ip.fw.one_pass=1 must be set if you want your traffic to
pass through the pipes and not continue to the next rules.


Sorry for my bad English




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
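
The two-pipe setup from the reply above, as an added example that is not part of the original thread: a dry-run wrapper that validates the placeholders before anything reaches ipfw. The function names, the /24 network and the port list are assumptions; a bare address such as 192.168.0.0 matches a single host in ipfw, so the script insists on an explicit mask.

```sh
#!/bin/sh
# Added example, not from the thread. Sample values are constructed.
# Default is a dry run that only prints the commands; set APPLY=1 (as root,
# on a kernel built with "options DUMMYNET") to execute them.

valid_bw()    { printf '%s\n' "$1" | grep -Eq '^[0-9]+[KM]bit/s$'; }
# Comma-separated numeric ports only; rejects leftovers like "...,etc".
valid_ports() { printf '%s\n' "$1" | grep -Eq '^[0-9]+(,[0-9]+)*$'; }
# Dotted quad with an explicit /mask, so a network is not read as one host.
valid_net()   { printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'; }

# build_rules NET PORTS UPLOAD_BW DOWNLOAD_BW
# Prints the ipfw commands for one upload pipe and one download pipe.
build_rules() {
    net=$1 ports=$2 up=$3 down=$4
    valid_net "$net"     || { echo "bad network: $net" >&2; return 1; }
    valid_ports "$ports" || { echo "bad port list: $ports" >&2; return 1; }
    valid_bw "$up"       || { echo "bad upload bw: $up" >&2; return 1; }
    valid_bw "$down"     || { echo "bad download bw: $down" >&2; return 1; }
    cat <<EOF
ipfw -q -f pipe flush
ipfw pipe 1 config bw $up
ipfw pipe 2 config bw $down
ipfw add pipe 1 tcp from $net to any $ports
ipfw add pipe 2 tcp from any $ports to $net
EOF
}

rules=$(build_rules 192.168.0.0/24 80,443 128Kbit/s 256Kbit/s) || exit 1

if [ "${APPLY:-0}" = 1 ]; then
    # Without one_pass=1, packets leaving a pipe continue at the next rule.
    if [ "$(sysctl -n net.inet.ip.fw.one_pass)" != 1 ]; then
        echo "warning: net.inet.ip.fw.one_pass is not 1" >&2
    fi
    printf '%s\n' "$rules" | sh -e
else
    printf '%s\n' "$rules"
fi
```
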


Re: Under Attack: Bandwidth throttling on 5.2.1?

2006-09-14 Thread Chris

On Sep 14, 2006, at 12:53 PM, Panagiotis wrote:


Chris wrote:

...system, we could come back up I think and try to ride out the
attack. I've never done this before but in an earlier thread I
saw where you configure a pipe such as:


ipfw pipe 1 config bw 256Kbit/s
ipfw add pipe 1 tcp from 192.168.1.2 80

then set sysctl.conf
net.inet.ip.fw.one_pass=1

Is that all that's necessary for this old a system or is there
anything else? If this is correct, would this keep this fellow
from crashing?


To use traffic shaping with IPFW you have to compile the kernel  
with the following options:


options DUMMYNET
options HZ=1000

then you can add some lines like these to make your bandwidth limit
work:


#first flush all the previous pipes
ipfw -q -f pipe flush

ipfw pipe 1 config bw 256Kbit/s
ipfw add pipe 1 tcp from any to any

Usually we use two pipes, one for download and one for upload, so
you can try something like this:



#first flush all the previous pipes
ipfw -q -f pipe flush

#upload bandwidth+download bandwidth=total bandwidth
#pipe for upload
ipfw pipe 1 config bw 128Kbit/s
#pipe for download
ipfw pipe 2 config bw 256Kbit/s

server_port=20,21,80,443,995,...,etc
internal_network=192.168.0.0

#config upload
ipfw add pipe 1 tcp from $internal_network to any $server_port
#config download
ipfw add pipe 2 tcp from any $server_port to $internal_network

The variables server_port and internal_network are examples of  
course... :-)
If you are running natd on your machine then you have to put the rules
AFTER the divert natd rule, like these:

ipfw add pipe 1 tcp from {external_ip} to any $server_port
ipfw add pipe 2 tcp from any $server_port to $internal_network

The net.inet.ip.fw.one_pass=1 must be set if you want your traffic
to pass through the pipes and not continue to the next rules.


Sorry for my bad English







Thank you very much. Even rejecting the requests by referer has only  
lessened the impact on the system and we are occasionally rebooting.  
It has not let up all night. I will implement. Thank you again.


Chris 


Under Attack: Bandwidth throttling on 5.2.1?

2006-09-13 Thread Chris

This is probably going to tax the memory. I'm sorry in advance.

We observed 2 hangs and 3 crashes in the last 5 hours and finally
after looking at the nature of the traffic, it appears to be little
infested Windows spybots from all over targeting our forums to
attempt to reply to all messages with gambling and other spam. The
referer in every case is a few obvious spam sites. We measured 33
pages per second and all invoking Perl (well, you can imagine the load).
It's killed the system in several ways I've never even seen. We
shut down on purpose for the first time in years, which is pretty bad
for business. I'm readying the quad Opteron Tyan to take down and
shove in its place since the T1 can't swamp it, but still building.
The machine is a dual 3.0 Xeon with 4G and Intel 1000/Pro on 5.2.1
with IPFW enabled. If I can configure throttling on this old a
system, we could come back up I think and try to ride out the attack.
I've never done this before but in an earlier thread I saw where you
configure a pipe such as:


ipfw pipe 1 config bw 256Kbit/s
ipfw add pipe 1 tcp from 192.168.1.2 80

then set sysctl.conf
net.inet.ip.fw.one_pass=1

Is that all that's necessary for this old a system or is there
anything else? If this is correct, would this keep this fellow from
crashing?