Question about server load and PORTFLOOD setting in CSF/LFD

Bdzzld · Jul 21, 2009

Hi,

Can someone please clearify if the following setting in CSF/LFD :

Code:

PORTFLOOD = "80;tcp;20;5"

instead of the default one :

Code:

PORTFLOOD = ""

will cause a noticable increase in server load? And further more if this increase in server load (if any) is neglectable when the increase in safety is taken into account?

Thanks.

nikey · Aug 16, 2009

I've noticed no load and I've gone as low as

Code:

PORTFLOOD = "80;tcp;10;5"

Bdzzld · Aug 17, 2009

Hi,

Thanks for being the first to answer.

That means you'll only allow ten connections per IP-address per five seconds. I'm not sure what type of server you're using but ain't that a bit low?

I myself was thinking about :

Code:

PORTFLOOD = "80;tcp;20;1"

(20 connections per IP-address per second to the httpd server)

nikey · Aug 17, 2009

right now im running 25:5 to combat a 50k request per-second GET flood. it blocked most of it, but left another 10% of the attack for me to mitigate manually for a few hours.

Bdzzld · Aug 17, 2009

Hi Nikey,

According to the documentation CSF does only count 20 hits at max :

http://www.configserver.com/free/csf/readme.txt

...
2. By default it only counts 20 packets per address remembered

*This means that you need to keep the hit count to below 20.
...

So I guess evey value above 20 won't work...

nikey · Aug 18, 2009

i must have missed that... right now im running 20:3 which seems to do a pretty good job. imo, 20:1 just seems way too lose and would allow GET based floods through the firewall. I found 20:5 a good tight setting for heavy attacks.

Bdzzld · Aug 18, 2009

Hi Nikey,

May I ask you what kind of services you're using the server CSF/LFD is installed on for?

Thanks.

nikey · Aug 18, 2009

Webhosting. So far I've not noticed any issues with the 20:3 settings. However, I'm thinking 20:5 might work alright as well. right now i've been toying with the settings a lot since im under a 75k per-second get flood.

GaryT · Dec 1, 2010

Old thread this from a google find, Is the limit on CSF still in place or has this been changed.

I mean

PORTFLOOD = 80;tcp;40;1

Or does the values have to be lower than 20 ? Such as:

80;tcp;20;1

as I was using:

80;tcp;40;1

Till I seen your port about limits....

Bdzzld · Dec 2, 2010

Indeed a very old thread. Maybe it's better to ask the author of CSF/LFD yourself on its corresponding forum instead?

Thread starter	Similar threads	Forum	Replies	Date
M	Securing server question	Security	1	Aug 28, 2019
	Open ports on server question	Security	3	Apr 17, 2019
M	PHP Stress test on cPanel Server question	Security	3	Dec 28, 2018
S	Question about server security	Security	2	Oct 9, 2017
L	Securing server without CloudLinux question	Security	6	Aug 19, 2017

Search

Search

Question about server load and PORTFLOOD setting in CSF/LFD

Bdzzld

Well-Known Member

nikey

Member

Bdzzld

Well-Known Member

nikey

Member

Bdzzld

Well-Known Member

nikey

Member

Bdzzld

Well-Known Member

nikey

Member

GaryT

Well-Known Member

Bdzzld

Well-Known Member