[comp.unix.admin] Controlling anonymous ftp volumes.

russell@ccu1.aukuni.ac.nz (Russell J Fulton;ccc032u) (05/28/91)

We have an anonymous ftp archive of mac, msdos and some other material. We
set it up mainly for use of people within New Zealand to save traffic on
our international link as lots of people download the latest version of
4DOS or whatever from SIMTEL. Our problem is that we are now getting traffic
from all over the world! Our connection to the rest of you is via an expensive
satellite link on which we pay for *all* the traffic. 

I have put up a README file which gets displayed on anonymous logins asking
people from outside New Zealand to use archive sites nearer to home and this
has cut traffic by about half but we are still getting quite a few people
ignoring it. 

We could simply lock out access on our router but we don't want to be that
drastic. What I currently intend to do is patch ftpd to introduce delays
into international traffic so that transfers will be slow and put a message
to that effect in the README file.

I am interested in others' opinions on the best way to tackle this problem and
also in any pointers as to the best way to introduce delays into the transfer.
(My first attempt will be to put a sleep into the loop for every 1000 chars.)

Thanks Russell.

-- 
Russell Fulton, Computer Center, University of Auckland, New Zealand.
<rj_fulton@aukuni.ac.nz>

verber@pacific.mps.ohio-state.edu (Mark Verber) (05/28/91)

The ftpd from archive.wustl.edu is pretty nice.  You can define classes
of access and limits to resources.  For example, you could set a rule
that says access from machines *.nz is local, and is unbounded.  Access
from *.au is limited by time of day, and everything else is in class
foreign which is refused.

--mark

lance@motcsd.csd.mot.com (lance.norskog) (05/29/91)

russell@ccu1.aukuni.ac.nz (Russell J Fulton;ccc032u) writes:

>We have an anonymous ftp archive of mac, msdos and some other material. We
>set it up mainly for use of people within New Zealand to save traffic on
>our international link as lots of people download the latest version of
>4DOS or whatever from SIMTEL. Our problem is that we are now getting traffic
>from all over the world! Our connection to the rest of you is via an expensive
>satellite link on which we pay for *all* the traffic. 

If you're using inetd you can make it call a shell script
which then calls ftpd.  The shell script's standard input is
the incoming FTP socket.  The shell script can do any level
of checking it wishes: 1) write a program which prints getpeername()
from standard input, 2) check it against the database of assigned 
New Zealand network numbers.  You should be able to get this data from
the NIC.

Other sites use this trick to limit the total number of simultaneous
FTP sessions.

Lance
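
The inetd front end described in the post above, as an added example that is not part of the original post or anyone's production code: a small C program takes the place of the shell script, calls getpeername() on the socket inetd hands it, and runs the real ftpd only for listed networks. The daemon path, the `ftp-gate` log tag, and the network list (constructed documentation ranges standing in for the assigned network numbers) are assumptions, and only IPv4 is handled.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <syslog.h>
#include <unistd.h>
#define REAL_FTPD "/usr/sbin/in.ftpd"  /* assumed path of the real daemon */

/* Constructed placeholders (RFC 5737 documentation ranges); replace with
 * the network numbers that should get service. Prefix length is 1..32. */
static const struct { const char *net; int bits; } allowed[] = {
    { "192.0.2.0", 24 }, { "198.51.100.0", 24 },
};

/* 1 if the dotted-quad address lies inside an allowed network, else 0. */
int addr_allowed(const char *dotted) {
    struct in_addr a, n;
    if (inet_pton(AF_INET, dotted, &a) != 1) return 0;
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++) {
        in_addr_t mask = htonl(0xffffffffu << (32 - allowed[i].bits));
        if (inet_pton(AF_INET, allowed[i].net, &n) == 1 &&
            (a.s_addr & mask) == (n.s_addr & mask))
            return 1;
    }
    return 0;
}

/* 1 only if fd is an IPv4 socket with an allowed peer; any failure
 * (not a socket, other address family) counts as a refusal. */
int peer_allowed(int fd, char *buf, socklen_t buflen) {
    struct sockaddr_in sin;
    socklen_t len = sizeof sin;
    if (getpeername(fd, (struct sockaddr *)&sin, &len) < 0 ||
        sin.sin_family != AF_INET ||
        !inet_ntop(AF_INET, &sin.sin_addr, buf, buflen))
        return 0;
    return addr_allowed(buf);
}

int main(void) {  /* under inetd the connection is fd 0, 1 and 2 */
    char peer[INET_ADDRSTRLEN] = "unknown";
    openlog("ftp-gate", LOG_PID, LOG_DAEMON);
    if (!peer_allowed(0, peer, sizeof peer)) {
        syslog(LOG_NOTICE, "refused ftp connection from %s", peer);
        printf("421 Service not available from your network.\r\n");
        return 1;
    }
    execl(REAL_FTPD, "ftpd", (char *)NULL);  /* ftpd inherits the socket */
    syslog(LOG_ERR, "cannot exec %s", REAL_FTPD);
    return 1;
}
```

The inetd.conf entry for ftp would name this program as the server in place of ftpd; the check fails closed, so a descriptor that is not an IPv4 socket is refused and logged.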

wjw@ebh.eb.ele.tue.nl (Willem Jan Withagen) (06/05/91)

In article <1991May27.231414.132@ccu1.aukuni.ac.nz>, russell@ccu1.aukuni.ac.nz (Russell J Fulton;ccc032u) writes:
=> We have an anonymous ftp archive of mac, msdos and some other material. We
=> set it up mainly for use of people within New Zealand to save traffic on
=> our international link as lots of people download the latest version of
=> 4DOS or whatever from SIMTEL. Our problem is that we are now getting traffic
=> from all over the world! Our connection to the rest of you is via an expensive
=> satellite link on which we pay for *all* the traffic. 
=> 
=> I am interested in others' opinions on the best way to tackle this problem and
=> also in any pointers as to the best way to introduce delays into the transfer.
=> (My first attempt will be to put a sleep into the loop for every 1000 chars.)
=> 
There's this internet frontdoor developed by someone here at the University
(wswietse@info.win.tue.nl), which could fulfill your needs.

It's a small program which replaces an original inetd-forked daemon,
logs the session and where it originated from,
then checks if the site is authorised to do so; if not, it aborts the session.

This is not only for ftpd, but for all: fingerd, rshd, telnetd, .....
So you could do really nice things with it.

On           ftp.eb.ele.tue.nl [131.155.20.25]
you can get  /pub/apollo/frontd.10.3.tar,Z
(Note that it is changed to be used on Apollo systems, but that mainly concerns
 the makefile.)

You could also go to: svin02.info.win.tue.nl
and get               /pub/host_deny.tar.Z
which would give you the one made by the original author.

Willem Jan.

-- 
Eindhoven University of Technology   DomainName:  wjw@eb.ele.tue.nl    
Digital Systems Group, Room EH 10.10 
P.O. 513                             Tel: +31-40-473401
5600 MB Eindhoven                    The Netherlands