IP Blocked Report

The IP Blocked Report displays a list of all IPs that the SNIP node has blocked, both permanently and on a temporary basis.  A history of the recent past blocked events are also displayed.

The primary purpose of this report is to quickly see if a specific IP has been blocked/banned when trouble shooting connection issues.  When requested by the SNIP node operator, all of the IP details are displayed.  When used in a web page (such as the STATUS report), the specific IP addresses are obscured to protect the privacy of the remote users.

A secondary use of this report is to review what users/devices are being blocked over and over again.  These are most typically users with mis-configured NTRIP Clients or Servers, rather than hostile DOS attacks.  After review, the SNIP node operator may elect to block the offending IP for a longer period of time, or even permanently.

Remote IPs get blocked after making multiple abusive connections a row.  Any correct (successful) connection event from that IP resets the various counters used to determine if an IP is blocked.  The thresholds can be set by the SNIP operator to suit local needs.  The  general functionality and use is described in two articles, here and here.  The IP Banning feature is not supported in the Lite editions of SNIP.

When the IP Blocked Report is displayed on a public page, only the IP and time is provided.  And the IP value is obscured to some degree to protect privacy but to allow a remote user to find their own IP on the list. The name of the last mountPt involved in the block may also be hidden, but is displayed when requested from the SNIP console by the operator.

A typical IP BLocked Report is shown below  (taken from the RTK2go.com Caster).  In this case the IPs shown have been further obscured.

When the IP Blocked Report is part of the general STATUS report, fewer details are given. The same report above appears as:

When the lower octet is blocked for an entire IP sub range, the  last digit is displayed as “*” as in “69.75.31.*”

Requesting the Report

This report can be obtained in several ways as shown in the table below.

Invoke this Report as follows: 
Web Command:/SNIP::IPBANS
Admin log in required to use (pending feature).
Doc Command:None, but the STREAMS button in viewer toolbar provides a terse (public) summary
SNIP Window:Menu: Reports -> Network Traffic -> IP Bans
And in the IP Bans Setting Dialog: Print button
Details:Note: Whenever the IP values are shown publicly, they are obscured.

This report cannot be requested over the web for security reasons.  Some web reports (such as STATUS) present a reduced summary of the data and also obscure details to protect user privacy.  This is intended to allow a remote user to determine if they have been temporarily banned without involving the SNIP node operator.

Related Articles