Networking

  • About MaxConnectionsPerHost


    Hi all,
    I am wondering if MaxConnectionsPerHost can be evaluated before forking?
    The idea is to prevent ftp scans from generating this in the logs:
    May 9 04:16:07 host123 proftpd[14640]: host123 - MaxInstances (30) reached, new connection denied
    May 9 04:16:10 host123 last message repeated 38 times
    catam
    ProFTPD Developers List
    <proftpd-devel (AT) proftpd (DOT) org>
  • No.1 | | 980 bytes | |

    >I am wondering if MaxConnectionsPerHost can be evaluated before forking?

    No, because the determination of that limit is done by the child process.
    It is also specifically done post-login, to allow for customizations via
    the mod_ifsession module.

    >The idea is to prevent ftp scans from generating this in the logs:
    >
    >May 9 04:16:07 host123 proftpd[14640]: host123 - MaxInstances (30) reached, new connection denied
    >May 9 04:16:10 host123 last message repeated 38 times

    For this issue, I would recommend using the mod_ban module:

    TJ

    The years teach much which the days never know.

    -Ralph Waldo Emerson

  • No.2 | | 1530 bytes | |

    Wed, 10 May 2006, TJ Saunders wrote:

    >>I am wondering if MaxConnectionsPerHost can be evaluated before forking?

    >No, because the determination of that limit is done by the child process.
    >It is also specifically done post-login, to allow for customizations via
    >the mod_ifsession module.

    Are you sure it is after login?

    MaxConnectionsPerHost
    Similar to MaxClientsPerHost, the administrator can configure
    the maximum number of connected clients from a single host at
    one time. Unlike MaxClientsPerHost, though, the
    MaxConnectionsPerHost limit is evaluated prior to authentication,
    i.e. before the client has sent any USER and PASS commands.

    >>The idea is to prevent ftp scans from generating this in the logs:
    >>
    >>May 9 04:16:07 host123 proftpd[14640]: host123 - MaxInstances (30) reached, new connection denied
    >>May 9 04:16:10 host123 last message repeated 38 times

    >For this issue, I would recommend using the mod_ban module:
    >
    >TJ
    >
    >The years teach much which the days never know.
    >
    >-Ralph Waldo Emerson

  • No.3 | | 901 bytes | |

    >Are you sure it is after login?
    >
    >MaxConnectionsPerHost
    >Similar to MaxClientsPerHost, the administrator can configure
    >the maximum number of connected clients from a single host at
    >one time. Unlike MaxClientsPerHost, though, the
    >MaxConnectionsPerHost limit is evaluated prior to authentication,
    >i.e. before the client has sent any USER and PASS commands.

    , guess it's before login. Most of the other MaxClients* directives
    are evaluated after login.

    TJ

    To be surprised, to wonder, is to begin to understand.

    Y Gasset

  • No.4 | | 632 bytes | |

    >I see xinetd has this option (per_source). So running proftpd
    >from xinetd might be a quick solution.

    You can use mod_ban, as I suggested.

    TJ

    And forget not that the earth delights to feel your bare feet and the winds
    long to play with your hair.

    -Kahlil Gibran

  • No.5 | | 1170 bytes | |

    I see xinetd has this option (per_source). So running proftpd
    from xinetd might be a quick solution.

    catam

    Wed, 10 May 2006, TJ Saunders wrote:

    >>Are you sure it is after login?
    >>
    >>MaxConnectionsPerHost
    >>Similar to MaxClientsPerHost, the administrator can configure
    >>the maximum number of connected clients from a single host at
    >>one time. Unlike MaxClientsPerHost, though, the
    >>MaxConnectionsPerHost limit is evaluated prior to authentication,
    >>i.e. before the client has sent any USER and PASS commands.

    >, guess it's before login. Most of the other MaxClients* directives
    >are evaluated after login.
    >
    >TJ
    >
    >To be surprised, to wonder, is to begin to understand.
    >
    >Y Gasset

  • No.6 | | 658 bytes | |

    10.05.06 11:42, TJ Saunders wrote:
    >>Are you sure it is after login?
    >>
    >>MaxConnectionsPerHost
    >>Similar to MaxClientsPerHost, the administrator can configure
    >>the maximum number of connected clients from a single host at
    >>one time. Unlike MaxClientsPerHost, though, the
    >>MaxConnectionsPerHost limit is evaluated prior to authentication,
    >>i.e. before the client has sent any USER and PASS commands.

    >, guess it's before login. Most of the other MaxClients* directives
    >are evaluated after login.

    Good, so is it possible to evaluate this (and possibly activate a ban) before
    the fork? It might be much more effective and prevent DoS.
  • No.7 | | 837 bytes | |

    >>, guess it's before login. Most of the other MaxClients* directives
    >>are evaluated after login.

    >Good, so is it possible to evaluate this (and possibly activate a ban) before
    >the fork? It might be much more effective and prevent DoS.

    No, it is not possible to evaluate this before the fork. That is not the
    purpose of the directive.

    TJ

    And forget not that the earth delights to feel your bare feet and the winds
    long to play with your hair.

    -Kahlil Gibran
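
Added example, not part of the thread or of ProFTPD: a small Python counter for the `MaxInstances ... new connection denied` lines quoted above, which expands syslog's `last message repeated N times` so the real number of refused connections per minute is visible. The sample log is constructed around the two quoted lines; the year, the burst threshold and the function names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: the two syslog lines quoted in the thread, plus
# invented neighbours to exercise the repeat handling.
SAMPLE_LOG = """\
May 9 04:15:58 host123 proftpd[14630]: host123 - FTP session opened.
May 9 04:16:07 host123 proftpd[14640]: host123 - MaxInstances (30) reached, new connection denied
May 9 04:16:10 host123 last message repeated 38 times
May 9 04:17:02 host123 proftpd[14702]: host123 - MaxInstances (30) reached, new connection denied
May 9 04:30:00 host123 cron[900]: job started
May 9 04:30:05 host123 last message repeated 2 times
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")
DENIED = re.compile(r"proftpd\[\d+\]: .*MaxInstances \(\d+\) reached, new connection denied")
REPEAT = re.compile(r"^last message repeated (\d+) times$")


def denials_per_minute(text, year=2006):
    """Count MaxInstances denials per (host, minute), expanding syslog repeats."""
    counts = Counter()
    last_was_denial = {}  # per host: was the previous message a denial?
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, host, rest = m.groups()
        # Classic syslog stamps carry no year; `year` is an assumption.
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        minute = when.replace(second=0)
        rep = REPEAT.match(rest)
        if rep:
            # Repeats are stamped at flush time and only count when the
            # message they repeat was itself a denial.
            if last_was_denial.get(host):
                counts[(host, minute)] += int(rep.group(1))
            continue
        last_was_denial[host] = bool(DENIED.search(rest))
        if last_was_denial[host]:
            counts[(host, minute)] += 1
    return counts


def bursts(counts, threshold=10):
    """Return (host, minute, n) for minutes with at least `threshold` denials."""
    return sorted((h, t, n) for (h, t), n in counts.items() if n >= threshold)
```

The denial line carries no client address, so this measures how often the limit is hit, not who is hitting it.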
