Dear all
I run a ftp site which is being attacked by someone who issue some 1000
concurrent connection for downloading as anonymous. How can I fight back?
The behaviour is like this: after '#/etc/rc.d/ftpd start', the number of
ftpd process goes to several thousands. ps told me they are all
Zhang Weiwu [EMAIL PROTECTED] wrote:
The behaviour is like this: after '#/etc/rc.d/ftpd start', the number of
ftpd process goes to several thousands. ps told me they are all accessed
from the same user.
I read the manual and found ftpd.conf(5) says /etc/ftpd.conf is the
configuration file
At 10:34 PM 11/24/2007 +0800, Zhang Weiwu wrote:
Dear all
I run a ftp site which is being attacked by someone who issue some 1000
concurrent connection for downloading as anonymous. How can I fight back?
how about controlling access via pf?
you can limit the number of connections from the
On Nov 24, 2007 10:34 PM, Zhang Weiwu [EMAIL PROTECTED] wrote:
I run a ftp site which is being attacked by someone who issue some 1000
concurrent connection for downloading as anonymous. How can I fight back?
If ftpd.conf is not the right manual page to read, can you suggest which
Thank you very much for everyone helped me. As a summary:
1. Bill Moran pointed out the mistake in ftpd.conf which should refer
to lukemftpd (but referred to ftpd); He also suggested using
lukemftpd in place of ftpd, but my ftpd is patched by myself and I
prefer not to patch
I had a server reboot itself twice in close succession in the middle
of the night, after a long uptime. This server had not reboot itself
in ages (years) -- all previous boots were controlled.
The syslog has the following in it a half hour or so prior to the
first boot (the first line or
On 5/16/05, Chad Leigh -- Shire.Net LLC [EMAIL PROTECTED] wrote:
I had a server reboot itself twice in close succession in the middle
of the night, after a long uptime. This server had not reboot itself
in ages (years) -- all previous boots were controlled.
The syslog has the following in
On Mon, May 16, 2005 at 08:26:58AM -0600, Chad Leigh -- Shire.Net LLC wrote:
May 16 03:14:59 crickhollow /kernel: arp: 166.70.252.252 moved from
00:20:ed:16:b9:07 to 00:20:ed:56:b9:07 on dc0
[...]
The address 166.70.252.252 is on another server that has not
changed at all and is on a
On May 16, 2005, at 9:44 AM, David Kelly wrote:
On Mon, May 16, 2005 at 08:26:58AM -0600, Chad Leigh -- Shire.Net
LLC wrote:
May 16 03:14:59 crickhollow /kernel: arp: 166.70.252.252 moved from
00:20:ed:16:b9:07 to 00:20:ed:56:b9:07 on dc0
[...]
The address 166.70.252.252 is on another server
On Mon, 16 May 2005 08:26:58 -0600
"Chad Leigh -- Shire.Net LLC" [EMAIL PROTECTED] wrote
[...]
May 16 02:20:00 crickhollow named[87025]: zone 22.63.209.in-addr.arpa/
IN: loading master file ptr.209.63.22: file not found
May 16 02:33:31 crickhollow /kernel: Limiting icmp unreach
Dear security
i got a DoS attack, how i can stop it ?
note:
i have a lan network in my home, and DSL connection which is connected
to the
hub direct, and i have 3 pc's.
thanks
_
Tired of spam? Get advanced junk mail protection
At 03:41 AM 8.28.2003 +0300, ZaiD Dashti wrote:
Dear security
i got a DoS attack, how i can stop it ?
note:
i have a lan network in my home, and DSL connection which is connected
to the
hub direct, and i have 3 pc's.
thanks
I use a firewall which allows a block of DoS IPs from any to any
On 03:41 Thu 28 Aug , ZaiD Dashti wrote:
Dear security
i got a DoS attack, how i can stop it ?
For now, yank the plug on your DSL so you're off the internet. Switch to
dialup if you can, and then close as many ports as you can. Change your root
password. This is *very* general advice
i got a DoS attack, how i can stop it ?
note:
i have a lan network in my home, and DSL connection which is connected
to the
hub direct, and i have 3 pc's.
thanks
I use a firewall which allows a block of DoS IPs from any to any also
can close ports easily. Plus, if you log
On Wed, 27 Aug 2003, Mike Hogsett wrote:
i got a DoS attack, how i can stop it ?
note:
i have a lan network in my home, and DSL connection which is connected
to the
hub direct, and i have 3 pc's.
thanks
I use a firewall which allows a block of DoS IPs from any
On Sun, 5 Jan 2003, Michael wrote:
Thanks for all that responded. Your ideas are great but they will just
slow the dos down if even that. I guess no one has either thought of a
true way to stop a DOS or maybe its really impossible because your
allowing them in to begin with.
Easier said than
with very strict rules, on
FreeBSD
4.7 IPFW does me no good because i am allowing the port they are
abusing
(80) due to the last DOS attack and my few hours research i have the
following options already in my rc.conf
tcp_extensions=NO
tcp_keepalive=YES
tcp_restrict_rst=YES
january first. I am running IPFW with very strict rules, on FreeBSD
4.7 IPFW does me no good because i am allowing the port they are abusing
(80) due to the last DOS attack and my few hours research i have the
following options already in my rc.conf
tcp_extensions=NO
tcp_keepalive=YES
strict rules, on FreeBSD
4.7 IPFW does me no good because i am allowing the port they are abusing
(80) due to the last DOS attack and my few hours research i have the
following options already in my rc.conf
tcp_extensions=NO
tcp_keepalive=YES
tcp_restrict_rst=YES
icmp_bmcastecho
Thanks for all that responded. Your ideas are great but they will just
slow the dos down if even that. I guess no one has either thought of a
true way to stop a DOS or maybe its really impossible because your
allowing them in to begin with. I figured it was worth a shot to ask. Ill
just wait it
Michael wrote:
Thanks for all that responded. Your ideas are great but they will just
slow the dos down if even that.
Well, that seems like it's better than nothing. I have always
regarded DOS attacks as crimes of opportunity: as you say, it
doesn't take a lot of smarts to pull one off.
If
be the man is behind a keyboard, the sad thing is most of them don't
have the slightest idea about the code behind their tools, they just know
how to run them. The only way to get rid of a DOS attack is to either ride
it out until they get bored, or contact your host and ask their network
engineers
]
[mailto:[EMAIL PROTECTED]] On Behalf Of Sean J.
Countryman
Sent: Sunday, January 05, 2003 5:04 PM
To: FreeBSD Questions; Michael
Subject: RE: DOS ATTACK. Any Suggestions?
As soon as my site gets big and i have a
lot of users in irc, some little jealous network comes along and
destroys what i
: Sunday, January 05, 2003 7:00 PM
To: 'FreeBSD Questions'
Subject: RE: DOS ATTACK. Any Suggestions?
Since the IP range seems to belong to shawcable.net (24.67.253.203)I
would send an E-mail to them. The scanning back has worked for me as
well BUT be carefull or you might be labled the bad one
. This has been going
on
since january first. I am running IPFW with very strict rules, on
FreeBSD
4.7 IPFW does me no good because i am allowing the port they are
abusing
(80) due to the last DOS attack and my few hours research i have the
following options already in my rc.conf
tcp_extensions
by the
nobodys many times and it usually just goes away. This has been going
on
since january first. I am running IPFW with very strict rules, on
FreeBSD
4.7 IPFW does me no good because i am allowing the port they are
abusing
(80) due to the last DOS attack and my few hours research i have
26 matches
Mail list logo
