In the meantime you could try to find the differences between the DDoS packets & the good packets by doing packet captures (& analyzing them in Wireshark).
@oliver42
The FTP itself works fine, the problem is limiting the BW at the router side.
I actually made a tcpdump right before making this post and looked at it in Wireshark, but I'm not sure what to look for that will help me limit it.
Not sure if it matters, but I found out it's not just glftp; it seems like all FTPS traffic is a problem (it happens when using FileZilla on a Windows machine also).
@tman222 When using limiters I disabled all ALTQ shapers, using tail drop for the management algorithm and worst-case weighted fair queueing for the scheduler.
When using shapers I was using HFSC. Default queue size from the wizard.
I deleted and recreated limiters, etc. from scratch, now BW is throttled as expected. Gotta love computers.
All I had done previously was uncheck "Use this limiter and children" and check "Disable this rule" in the Floating Rules and it seemed to break it for good.
@Modesty How much the protocol is universally used for illegal or legal activities isn't relevant; you're making an assumption about your tenants' use which, unless you have data or notices from your ISP, could be incorrect. For example, you mention they use Steam. Steam uses the BitTorrent protocol to distribute data between players, so they may not be doing anything illegal at all. I would say, though, that if the legal ramifications are a concern then you should consider having your tenants subscribe to their own service rather than sharing yours. Depending on your ISP, you might also be breaching your ISP's ToS by providing service to tenants, not leaving you in a great defensible position should they be up to no good post gaming.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.