Specifying Hammering Settings
At times, applications might attempt to access your ActiveTransfer Server or ActiveTransfer Gateway through a rapid succession of login attempts, a technique sometimes referred to as hammering. This can consume significant bandwidth and processing time, resulting in the denial of connection requests from other users.
Note:
Apply the settings to the server only in the absence of a gateway instance. If you have a server and a gateway instance, apply the settings to the gateway.
You can use the hammering settings to do the following:
* Set limits on the number of connection, password, or command execution attempts and the interval between them, and then ban the user’s IP address for a specified number of minutes when those limits are reached.
* Ban the IP address associated with a user, after the user’s first incorrect password attempt, either permanently or for a specified number of minutes.
* Block efforts to discover valid user credentials by holding the names of invalid users in cache for a specified number of seconds.
* Discourage hack attempts by robots that scan for writable directories on the server by slowing down responses to such clients.
Note:
If the hammering settings are too restrictive, they can prevent users and applications from connecting to ActiveTransfer Server or ActiveTransfer Gateway to exchange files or perform file operations under normal operating conditions.
When the specified time interval elapses, ActiveTransfer Server and ActiveTransfer Gateway automatically lift the ban on IP addresses. You can also free banned IP addresses before the specified time interval by using the Integration Server service wm.mft.server:unbanIPs. For details on the wm.mft.server:unbanIPs service, see webMethods ActiveTransfer Built-In Services Reference.
To specify hammering settings
1. In My webMethods: Administration > Integration > Managed File Transfer > Server Management.
2. Select the server.
For details, see Selecting the Instance to Work With.
3. Click the Banning tab.
Note:
The remaining steps in this procedure pertain to the Hammering section.
4. If you want to ban a user’s IP address after a certain number of connection, password, or command execution attempts, do the following in the Ban a user's IP address after a certain number of unsuccessful attempts section:
a. Click the Edit button in the Connection, Password, or Command row as desired.
b. In the Maximum of box, enter the maximum number of attempts allowed.
c. In the attempts in box, enter the time period to be measured, in seconds.
d. In the then banned for box, enter the number of minutes to ban the IP address.
5. If you want to ban the IP address associated with a specific user after the user’s first incorrect password attempt, do the following in the Ban the IP addresses associated with the following users after the users' first incorrect password attempt section:
a. Click the button, and then enter the name of the user whose IP address you want to ban. Repeat this step for each user whose IP address you want to ban.
b. In Ban these IP addresses, select whether to ban the user’s IP address permanently or only for a certain number of minutes. If you select If attempted, for, enter the number of minutes to elapse before accepting another password attempt from that user’s IP address.
6. In the Remember invalid user names for box, enter the number of seconds to hold the names of invalid users in cache.
The temporary caching of invalid user names is useful for blocking robots that make repeated attempts to discover valid user credentials. As a robot scans ActiveTransfer Server or ActiveTransfer Gateway during the user validation process, this option blocks subsequent login attempts made using an invalid user name for the specified number of seconds. If the user name is valid, the ActiveTransfer Server or ActiveTransfer Gateway ignores this setting.
7. To slow down responses to a client that appears to be a robot scanning for writable directories on your server by way of an FTP connection, select Slow down hack attempt scans. This setting doubles the server’s response time for each subsequent response to the client, thereby rendering such robots less effective.
Selecting this option does not result in any extra load on the CPU.
8. Click Save.
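One way to check candidate values for the Maximum of, attempts in, and then banned for boxes against normal traffic before saving them, as an added example that is not Software AG code. The sliding-window model, the function name `simulate_bans`, and the sample addresses and timestamps are assumptions made for illustration.

```python
from collections import defaultdict, deque

def simulate_bans(events, max_attempts, window_s, ban_minutes):
    """Replay (timestamp_s, ip) attempts; return {ip: [(ban_start, ban_end)]}.

    Assumed model, not the product's implementation: a sliding window of
    window_s seconds, a ban triggered by the attempt that exceeds
    max_attempts, and attempts from a banned IP rejected without counting.
    """
    recent = defaultdict(deque)   # ip -> timestamps inside the window
    banned_until = {}             # ip -> time the ban is lifted
    bans = defaultdict(list)
    for ts, ip in sorted(events):
        if ts < banned_until.get(ip, 0):
            continue              # still banned
        window = recent[ip]
        window.append(ts)
        while window and window[0] <= ts - window_s:
            window.popleft()      # drop attempts older than the window
        if len(window) > max_attempts:
            banned_until[ip] = ts + ban_minutes * 60
            bans[ip].append((ts, banned_until[ip]))
            window.clear()
    return dict(bans)

# Constructed sample traffic (documentation-range addresses).
BATCH_CLIENT = "192.0.2.10"     # legitimate job: 5 connections every hour
NOISY_CLIENT = "198.51.100.7"   # one attempt per second for 30 seconds
EVENTS = (
    [(start + i * 2, BATCH_CLIENT) for start in (0, 3600) for i in range(5)]
    + [(100 + i, NOISY_CLIENT) for i in range(30)]
)

if __name__ == "__main__":
    candidates = {"10 in 60 s": (10, 60, 5), "3 in 60 s": (3, 60, 5)}
    for label, limits in candidates.items():
        print(label, simulate_bans(EVENTS, *limits))
```

With the constructed traffic, 10 attempts in 60 seconds bans only the noisy client, while 3 attempts in 60 seconds also bans the hourly batch job on every run.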