RE: Shell Provider - DDoS Attacks - IPFW Ratelimiting
From: Andy Dills (andy_at_xecu.net)
Date: 06/30/03
- Previous message: Allan Jude - ShellFusion.net Administrator: "RE: Shell Provider - DDoS Attacks - IPFW Ratelimiting"
- In reply to: Allan Jude - ShellFusion.net Administrator: "RE: Shell Provider - DDoS Attacks - IPFW Ratelimiting"
Date: Mon, 30 Jun 2003 00:37:41 -0400 (EDT)
To: "Allan Jude - ShellFusion.net Administrator" <dukemaster@shellfusion.net>
On Sun, 29 Jun 2003, Allan Jude - ShellFusion.net Administrator wrote:
> Using such 'limit src' firewall rules will not help you, my shell server
> quickly overran the maximum number of dynamic rules, even increasing the
> limit didn't make this plausible because there are 1000's of concurrent
> connections at any one time. If your traffic is small enough, it might
> be useful, but if you are using 10mb, or 100mb, it will easily blow your
> firewall away.
Well, if you limit by individual IP, sure.
Don't use a full mask; try something like 0xffff0000, so that it's
limited per /16.
Don't forget to sysctl net.inet.ip.dummynet.expire to 1, and don't be
afraid to give net.inet.ip.fw.dyn_max a nice bump.
Regardless, this isn't how you deal with a DDoS...
Andy
---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
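An added illustration of the masking point in the message above (not code from the thread or from ipfw): the Python sketch below counts the state entries a set of sources consumes under a full mask and under 0xffff0000. It assumes state is keyed on the source address ANDed with the mask; the addresses and the `DYN_LIMIT` value are constructed.

```python
import ipaddress
from collections import defaultdict

FULL_MASK = 0xFFFFFFFF   # one state entry per individual source IP
PER_16_MASK = 0xFFFF0000  # the mask suggested in the message: one entry per /16
DYN_LIMIT = 4096          # constructed stand-in for net.inet.ip.fw.dyn_max


def constructed_sources():
    """Constructed sample: 40 /16 networks with 250 distinct hosts each."""
    return [
        f"10.{net}.{host % 5}.{host // 5 + 1}"
        for net in range(40)
        for host in range(250)
    ]


def state_usage(sources, mask):
    """Return (state entries needed, most hosts sharing a single entry).

    Assumption: the key for an entry is the source address ANDed with mask.
    """
    buckets = defaultdict(set)
    for src in sources:
        addr = int(ipaddress.IPv4Address(src))
        buckets[addr & mask].add(addr)
    largest = max((len(hosts) for hosts in buckets.values()), default=0)
    return len(buckets), largest


def fits(sources, mask, limit=DYN_LIMIT):
    """True when the number of entries stays within the state limit."""
    entries, _ = state_usage(sources, mask)
    return entries <= limit


if __name__ == "__main__":
    srcs = constructed_sources()
    for name, mask in (("full mask", FULL_MASK), ("per /16", PER_16_MASK)):
        entries, shared = state_usage(srcs, mask)
        print(f"{name:10s} entries={entries:6d} "
              f"max hosts per entry={shared:4d} fits={fits(srcs, mask)}")
```

The second number is the cost of the coarser mask: every host that falls into the same /16 shares that entry's limit.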