1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

A dilemma

Discussion in 'Support' started by vefatica, Jun 7, 2010.

  1. vefatica

    Joined:
    May 20, 2008
    Messages:
    7,959
    Likes Received:
    30
    I'd like not to filter traffic to lucky's ftp server. But I won't tolerate abuse (see attached hammer.zip). I can "block users who connect more than ____ times within ______ seconds for ______ minutes" (or permanently). But I don't want to limit honest folks. I often see this (see attached connect14.txt). That's 14 connections in 9 seconds, obviously not done manually (what is TCC doing?).

    Any suggestions for some anti-hammering settings?
     

    Attached Files:

  2. Steve Fabian

    Joined:
    May 20, 2008
    Messages:
    3,520
    Likes Received:
    4
    ----- Original Message -----
    From: "vefatica" <>
    | I'd like not to filter traffic to lucky's ftp server. But I won't
    tolerate abuse (see attached hammer.zip). I can "block users who connect
    more than ____ times within ______ seconds for ______ minutes" (or
    permanently). But I don't want to limit honest folks. I often see this
    (see attached connect14.txt). That's 14 connections in 9 seconds, obviously
    not done manually (what is TCC doing?).
    |
    | Any suggestions for some anti-hammering settings?

    I am not sure, it is possible I was the user accessing lucky's ftp
    server, using IFFP and the command
    copy/s/[d2010.05.31@19.46] ftp:
    to capture everything newer than my last capture. I cannot check whether I
    used TCC V10 or V11.
    I have not tried to capture the detail log of activities of the above
    commands, so I cannot tell if I had anything to do with the events you
    reported. The IP address I see in your log does not match the one Comcast
    assigned to my modem or laptop (%_IP reports 68.54.89.194). Using WinXP SP3
    firewall with latest updates, Grisoft AVG free.
    If you can afford the "hammering" on barnyard, the simplest thing would
    be for your batch files to always upload everything to both ftp servers
    automatically. and put in strong filtering on lucky. But please verify that
    a TCC command to copy all from lucky with either the /uf or /[dXXX] options
    will not break due to too many connection disconnection actions, since
    those (if they do occur) are part of the JPsoft / IP works implementation
    that are not under user control.
    --
    HTH, Steve
     
  3. vefatica

    Joined:
    May 20, 2008
    Messages:
    7,959
    Likes Received:
    30
    On Mon, 07 Jun 2010 14:55:15 -0400, Steve Fábián <> wrote:

    | If you can afford the "hammering" on barnyard, the simplest thing would
    |be for your batch files to always upload everything to both ftp servers
    |automatically. and put in strong filtering on lucky. But please verify that
    |a TCC command to copy all from lucky with either the /uf or /[dXXX] options
    |will not break due to too many connection disconnection actions, since
    |those (if they do occur) are part of the JPsoft / IP works implementation
    |that are not under user control.

    I wasn't saying it was you.

    Barnyard's not mine ... been around since it was a neXt (pre 1992) ... survived!

    Serv-U's management tool seems to have mislead me. The help, OTOH, says "block
    if ___ failed logins in ___ seconds" and after a little testing, that seems to
    be the case. So, apparently, I can use strict anti-hammering settings and not
    affect anonymous traffic.
    --
    - Vince
     

Share This Page