Banning Abusive Users, Simple

This article reviews the various controls and settings used by SNIP to ban abusive users.  This feature allows you to detect and to ban connecting users (remote IPs) who fail to connect to your SNIP Caster node repetitively for long periods of time without success. We call these “abusive IP connections” although the root cause is often simply an ill-configured NTRIP Client attempting to connect.

Note:  The ability to temporarily ban IPs after exceeding these connections exceed the thresholds which you have set is not available on the Lite model of SNIP.  The process does operate during the evaluation period.  In the Basic model this feature is enabled and all IP banning is automatic, but there is no ability to edit or to permanently ban specific IP values. More complex editing of the IP list and the individual ban periods is available on Pro and Enterprise models of SNIP, this feature is described in this companion article.

The IP Ban Settings Dialog is accessed in one of two ways:

  • On the Control menu, under the menu item:  IP Ban Settings…
  • A small button marked “B” on the Caster and Clients tabs  between the buttons List Current Users and List Recent IPs (the button is active only when there are banned IPs)

This dialog is used to set the values of various count thresholds that are used whenever a remote device (typically an NTRIP Client) fails to connect to the caster due so some form of error.   Whenever a device successfully connects, these counts are all reset to zero (in effect “all is forgiven”).

In this context, a device requesting a Caster Table is not considered an error.  Requesting a Caster Table entry in the table which does not exist is an error and contributes to the count.  Bad user names and passwords used for otherwise valid mountPt names are also examples of errors.  Ill-formed requests (with the exception of various browsers) are also considered errors.  If a device does not attempt to connect for at least a selected period of time, the count is reset.

The operational logic is simple and direct.  When a device has failed to connect more times then allowed, it is banned from further connections for the period of time selected.  The device is sent either a 403 message or an html web page that explains why it was banned.  Which of these is sent is controlled by the current preferences settings. Ban periods can range from tens of seconds seconds to several days, as the user selects.  All these counts are reset when SNIP is started; only the list of permanently banned IPs and the control values persist between SNIP restarts.

Two different count thresholds are supported, an “initial” value and a “what, is it you again” value for repeat offenders, as described below.   These values are all set in the dialog show below.    Any currently banned IP values are listed below the controls and these can be reset or removed with the Reset button.

Ban_DefaultView

The Control Settings

Enable IP Ban Processing

This acts as a master on/off switch and can be used to disable further ban processing.

Failed Connections, 1st Time

This is the number of times any unique combination of IP, user agent (the NTRIP Client software used) and user name (if present) are allowed to try and connect without success before being banned for the very first time.  The value can be set between 10 and 50,000.

The default value of 2500 allows an NTRIP Client that tries to connect every ~10 seconds to try for just under 7 hours before being banned.   A very aggressive client (connecting at a 1Hz rate) would reach the same threshold in 42 minutes.  RTCM SC-104 recommends that unsuccessful NTRIP Client devices implement a back off strategy in such cases, which would result in several days before reaching the threshold point.

Ban Length Time

The amount of time that the ban will last for new users.  If, for example, the setting was 120 seconds, a newly banned IP will not be allowed to try and connect again for 2 minutes.  After the two minute period the ban is lifted and connections from the NTRIP Client software will again be processed.

A time of 10~30 minutes is recommended as a balance between getting the user’s attention and correcting conditions without waiting for too long.  If you find that your static IP is being abused by other parties who are not your users (we presume a closed Caster) a longer time ~4 hour with a low count is suitable.  The value can be set between 10 and 15,000 seconds  (4.2 hrs).

Important Notes: 

  1. The ban applies to new connections, any existing other connections from this IP (which by the fact that they are connected implies that they have been successful) are not affected.
  2. The entire IP is banned at this point, not the NTRIP Client software nor any specific ports. So conditions can exist (typically on a PC used by a GNSS researcher) when running multiple NTRIP Client software packages that one bad set of settings can affect the ability of other software on the same machine.
  3. In offices which use DHCP and NAT to share a single IP value between different users, please consider point #2.
  4. During the active ban period, SNIP spends as little time as possible on the request, closing the TCP/IP socket and not keeping any further statistical details of the IP/agent/user/attacker.

Failed Connections, 2nd Time

This is the number of times that any unique combination of IP, user agent (the NTRIP Client software used) and user name (if present) are allowed to try and connect without success before being banned two or more times (after being banned once before).   It is typical to set the threshold for “repeat offenders” to a lower number.  The value can be set between 10 and 50,000.

Reset Period

This is the amount of time (in hours) which must pass before the set of counts for a given unique combination of IP, user agent (the NTRIP Client software used) and user name (if present) are all reset to zero.   Any connection attempts during this time (if not banned) resets the time.  The purpose of this is to allow an NTRIP Client device to have a “fresh start” after a lapse in trying to connect.   The value can be set between 10 and 150 hours (~6.25 days).

The Buttons

The Reset Button

This control allows removing all temporary banned IPs.  [Any permanently banned IPs are retained]  Pressing the reset button does not affect the running counts of non-banned devices.

Defaults

Resets the various counts and times to predetermined values useful to many SNIP operators.  Any values which you set will be kept and reused the next time SNIP is run if the dialog is dismissed with the Ok button.

Print

Shows the list of current banned IPs (if any) in the console.

Edit

Allows the user to view and to edit the ban time value for the selected IP.  Allows changing the ban time for an IP from a temporary time period to permanent.  Allows adding new IPs

i

Brings up the web based knowledge base page for this topic in the user’s preferred browser.

Cancel

Dismisses the dialog box without using any changed data.

Ok

Dismisses the dialog box without saving the current data values.

Viewing Banned IPs

The image below shows a temporarily banned IP value. The green “T” indicate that the ban is temporary.  A permanent ban is indicated with a blue “P” symbol.  In the Pro and Enterprise models an IP value can be permanently banned or its temporary ban time can be adjusted as desired.  See this article for details.

Ban_PostAddView

 

Was this article helpful?

Related Articles

Leave A Comment?