Thank you very much to everyone who helped me. As a summary:

1. Bill Moran pointed out the mistake in ftpd.conf, which should refer to lukemftpd (but referred to ftpd). He also suggested using lukemftpd in place of ftpd, but my ftpd is patched by myself and I prefer not to patch it again for lukemftpd (too little time now), thus I prefer to keep using ftpd;
2. JD Bronson suggested using pf for controlling traffic, which is more powerful and can solve more problems, but has a learning curve;
3. Quan Qiu gave an instant fix method, starting ftpd from inetd.conf, which worked instantly and solved my problem. I also need to give not only

nowait/50/10

but also

nowait/50/10/10

because the attacker is very determined: with "nowait/50/10" he makes sure I get 50 connections after 5 minutes, making other people unable to log in.

Quan Qiu wrote:
> On Nov 24, 2007 10:34 PM, Zhang Weiwu <[EMAIL PROTECTED]> wrote:
>
>> I run an FTP site which is being attacked by someone who issues some 1000
>> concurrent connections for downloading as anonymous. How can I fight back?
>
>> If ftpd.conf is not the right manual page to read, can you suggest which
>> configuration manual to read to fight back this attack? Thanks in advance!
>
> Try wrapping your ftpd using inetd. There are some limits to max child
> processes and max connections per ip in inetd.conf(5). An example for
> vsftpd:
>
> ftp stream tcp nowait/50/10 root /usr/local/libexec/vsftpd vsftpd
>
> Refer to the inetd.conf(5) manpage for more.

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
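
Added example, not part of the original message and not inetd's own code: a simplified Python model of the inetd.conf(5) limits discussed in this thread, showing why nowait/50/10 lets a single address fill all 50 child slots within five minutes while nowait/50/10/10 holds it to 10. The address 203.0.113.5, the 1000 attempts per minute and the assumption that held downloads never finish are constructed for illustration.

```python
"""Simplified model of the limits in the FreeBSD inetd.conf(5) wait/nowait field.

Layout: nowait[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]
Assumptions (not inetd internals): accepted children stay alive (long
downloads) and every client retries as fast as the limits allow.
"""
from collections import Counter

ATTACKER = "203.0.113.5"  # constructed sample address (documentation range)


def parse_limits(field):
    """Return (max_child, per_ip_per_minute, max_child_per_ip); None = not set."""
    parts = field.split("/")
    if parts[0] not in ("wait", "nowait") or len(parts) > 4:
        raise ValueError("unexpected wait/nowait field: %r" % field)
    limits = [int(p) for p in parts[1:]]
    return tuple(limits + [None] * (3 - len(limits)))


def simulate(field, attempts_per_minute, minutes):
    """attempts_per_minute maps ip -> attempts each minute.

    Returns a Counter of child processes each ip is holding at the end.
    """
    max_child, per_minute, per_ip = parse_limits(field)
    held = Counter()
    for _ in range(minutes):
        for ip, attempts in attempts_per_minute.items():
            accepted = 0  # connections accepted from this ip in this minute
            for _ in range(attempts):
                if per_minute is not None and accepted >= per_minute:
                    break  # per-IP rate limit reached until the next minute
                if per_ip is not None and held[ip] >= per_ip:
                    break  # per-IP concurrent child limit reached
                if max_child is not None and sum(held.values()) >= max_child:
                    break  # service-wide child limit reached
                held[ip] += 1
                accepted += 1
    return held


def slots_left(field, held):
    """Child slots still available to other clients (None if max-child unset)."""
    max_child = parse_limits(field)[0]
    return None if max_child is None else max_child - sum(held.values())


if __name__ == "__main__":
    for field in ("nowait/50/10", "nowait/50/10/10"):
        held = simulate(field, {ATTACKER: 1000}, minutes=5)
        print(field, "attacker holds", held[ATTACKER], "free", slots_left(field, held))
```
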