Question about server load and PORTFLOOD setting in CSF/LFD

**Bdzzld** · 07-21-2009 05:14 AM

Hi,

Can someone please clearify if the following setting in CSF/LFD :

Code:

PORTFLOOD = "80;tcp;20;5"

instead of the default one :

Code:

PORTFLOOD = ""

will cause a noticable increase in server load? And further more if this increase in server load (if any) is neglectable when the increase in safety is taken into account?

Thanks.

**nikey** · 08-16-2009 11:28 PM

I've noticed no load and I've gone as low as

Code:

PORTFLOOD = "80;tcp;10;5"

**Bdzzld** · 08-17-2009 02:05 AM

Hi,

Thanks for being the first to answer.

That means you'll only allow ten connections per IP-address per five seconds. I'm not sure what type of server you're using but ain't that a bit low?

I myself was thinking about :

Code:

PORTFLOOD = "80;tcp;20;1"

(20 connections per IP-address per second to the httpd server)

**nikey** · 08-17-2009 02:13 AM

right now im running 25:5 to combat a 50k request per-second GET flood. it blocked most of it, but left another 10% of the attack for me to mitigate manually for a few hours.

**Bdzzld** · 08-17-2009 04:23 AM

Hi Nikey,

According to the documentation CSF does only count 20 hits at max :

http://www.configserver.com/free/csf/readme.txt

...
2. By default it only counts 20 packets per address remembered

*This means that you need to keep the hit count to below 20.
...

So I guess evey value above 20 won't work...

**nikey** · 08-18-2009 02:44 AM

i must have missed that... right now im running 20:3 which seems to do a pretty good job. imo, 20:1 just seems way too lose and would allow GET based floods through the firewall. I found 20:5 a good tight setting for heavy attacks.

**Bdzzld** · 08-18-2009 04:20 AM

Hi Nikey,

May I ask you what kind of services you're using the server CSF/LFD is installed on for?

Thanks.

**nikey** · 08-18-2009 02:59 PM

Webhosting. So far I've not noticed any issues with the 20:3 settings. However, I'm thinking 20:5 might work alright as well. right now i've been toying with the settings a lot since im under a 75k per-second get flood.

**GaryT** · 12-01-2010 05:42 PM

Old thread this from a google find, Is the limit on CSF still in place or has this been changed.

I mean

PORTFLOOD = 80;tcp;40;1

Or does the values have to be lower than 20 ? Such as:

80;tcp;20;1

as I was using:

80;tcp;40;1

Till I seen your port about limits....

**Bdzzld** · 12-02-2010 02:09 AM

Indeed a very old thread. Maybe it's better to ask the author of CSF/LFD yourself on its corresponding forum instead?

LinkBack

Thread Tools

Question about server load and PORTFLOOD setting in CSF/LFD

Re: Question about server load and PORTFLOOD setting in CSF/LFD

Re: Question about server load and PORTFLOOD setting in CSF/LFD

Help - lfd on server: High 5 minute load average alert - 6.15

Question about server load and PORTFLOOD setting in CSF/LFD

lfd alert for high server load. Who's the culprit?

CSF/LFD -- lfd.log question

csf / lfd