A dilemma

vefatica

vefatica

May 20, 2008
12,328
134
Syracuse, NY, USA
I'd like not to filter traffic to lucky's ftp server. But I won't tolerate abuse (see attached hammer.zip). I can "block users who connect more than ____ times within ______ seconds for ______ minutes" (or permanently). But I don't want to limit honest folks. I often see this (see attached connect14.txt). That's 14 connections in 9 seconds, obviously not done manually (what is TCC doing?).

Any suggestions for some anti-hammering settings?
 

Attachments

  • connect14.txt
    5.9 KB · Views: 101
  • hammer.zip
    18.1 KB · Views: 94
----- Original Message -----
From: "vefatica" <>
| I'd like not to filter traffic to lucky's ftp server. But I won't
tolerate abuse (see attached hammer.zip). I can "block users who connect
more than ____ times within ______ seconds for ______ minutes" (or
permanently). But I don't want to limit honest folks. I often see this
(see attached connect14.txt). That's 14 connections in 9 seconds, obviously
not done manually (what is TCC doing?).
|
| Any suggestions for some anti-hammering settings?

I am not sure, it is possible I was the user accessing lucky's ftp
server, using IFFP and the command
copy/s/[d2010.05.31@19.46] ftp:
to capture everything newer than my last capture. I cannot check whether I
used TCC V10 or V11.
I have not tried to capture the detail log of activities of the above
commands, so I cannot tell if I had anything to do with the events you
reported. The IP address I see in your log does not match the one Comcast
assigned to my modem or laptop (%_IP reports 68.54.89.194). Using WinXP SP3
firewall with latest updates, Grisoft AVG free.
If you can afford the "hammering" on barnyard, the simplest thing would
be for your batch files to always upload everything to both ftp servers
automatically. and put in strong filtering on lucky. But please verify that
a TCC command to copy all from lucky with either the /uf or /[dXXX] options
will not break due to too many connection disconnection actions, since
those (if they do occur) are part of the JPsoft / IP works implementation
that are not under user control.
--
HTH, Steve
 
On Mon, 07 Jun 2010 14:55:15 -0400, Steve Fábián <> wrote:

| If you can afford the "hammering" on barnyard, the simplest thing would
|be for your batch files to always upload everything to both ftp servers
|automatically. and put in strong filtering on lucky. But please verify that
|a TCC command to copy all from lucky with either the /uf or /[dXXX] options
|will not break due to too many connection disconnection actions, since
|those (if they do occur) are part of the JPsoft / IP works implementation
|that are not under user control.

I wasn't saying it was you.

Barnyard's not mine ... been around since it was a neXt (pre 1992) ... survived!

Serv-U's management tool seems to have mislead me. The help, OTOH, says "block
if ___ failed logins in ___ seconds" and after a little testing, that seems to
be the case. So, apparently, I can use strict anti-hammering settings and not
affect anonymous traffic.
--
- Vince
 
You must log in or register to reply here.
Top Bottom
Back