----- Original Message -----
From: "vefatica" <>
| I'd like not to filter traffic to lucky's ftp server. But I won't
tolerate abuse (see attached hammer.zip). I can "block users who connect
more than ____ times within ______ seconds for ______ minutes" (or
permanently). But I don't want to limit honest folks. I often see this
(see attached connect14.txt). That's 14 connections in 9 seconds, obviously
not done manually (what is TCC doing?).
|
| Any suggestions for some anti-hammering settings?
I am not sure, it is possible I was the user accessing lucky's ftp
server, using IFFP and the command
copy/s/[
[email protected]] ftp:
to capture everything newer than my last capture. I cannot check whether I
used TCC V10 or V11.
I have not tried to capture the detail log of activities of the above
commands, so I cannot tell if I had anything to do with the events you
reported. The IP address I see in your log does not match the one Comcast
assigned to my modem or laptop (%_IP reports 68.54.89.194). Using WinXP SP3
firewall with latest updates, Grisoft AVG free.
If you can afford the "hammering" on barnyard, the simplest thing would
be for your batch files to always upload everything to both ftp servers
automatically. and put in strong filtering on lucky. But please verify that
a TCC command to copy all from lucky with either the /uf or /[dXXX] options
will not break due to too many connection disconnection actions, since
those (if they do occur) are part of the JPsoft / IP works implementation
that are not under user control.
--
HTH, Steve
