Symptom
- Connections, attempts or transfers that are considered invalid commands will get banned and will follow these rules
- Sending an invalid password is considered an "invalid command"
- Connection flood or DoS attacks can be prevented with these measures
- If an IP is added to the auto-ban list, the connection might fail with the error: "Connection Closed by UNKNOWN Port 65535"
Environment
SAP SuccessFactors HCM Suite
Resolution
- Depending on the security level, the following policies will apply:
- A brief explanation and example on 'Medium' level:
"Our SFTP service autoban configurations are set to ‘Disconnect User After 5 Invalid Commands’ and the sensitivity configuration is set to ‘Medium’.
Medium means that – 1000 are fail points which trigger recognition of an attack. It takes 100 seconds for the 1000 fail points to return back to 0 when the attack is no longer occurring.
For this case the ‘connection oriented attack setting’ is the impactful one. The ban limit for connections is 20 within 10 seconds.
The time needed to unban the IP address after being banned is 30 seconds."
- If you are unable to connect to SFTP, create a Support case and provide your Public IP address and we will confirm if you are on the auto-ban list.
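
To keep an automated integration from tripping the 'Medium' thresholds quoted above, the client can pace its own connections. The following is an added example, not SAP code: the class and method names are hypothetical, and running at half the ban limit (10 connections per 10 seconds) is an assumed safety margin.

```python
import time
from collections import deque

# Thresholds quoted in the article for the 'Medium' level.
BAN_CONNECTIONS = 20        # connections within BAN_WINDOW_S that trigger a ban
BAN_WINDOW_S = 10.0
UNBAN_AFTER_S = 30.0        # time until a banned IP is released
MAX_INVALID_COMMANDS = 5    # a wrong password counts as an invalid command


class ConnectionThrottle:
    """Hypothetical client-side guard; call acquire() before each SFTP connect."""

    def __init__(self, limit=BAN_CONNECTIONS // 2, clock=time.monotonic, sleep=time.sleep):
        self.limit = limit              # assumption: stay at half the ban limit
        self.clock, self.sleep = clock, sleep
        self.attempts = deque()         # timestamps of recent connection attempts
        self.auth_failures = 0
        self.blocked_until = 0.0

    def wait_time(self):
        """Seconds to wait before the next connection is safe to open."""
        now = self.clock()
        while self.attempts and now - self.attempts[0] >= BAN_WINDOW_S:
            self.attempts.popleft()     # drop attempts outside the sliding window
        wait = max(0.0, self.blocked_until - now)
        if len(self.attempts) >= self.limit:
            wait = max(wait, self.attempts[0] + BAN_WINDOW_S - now)
        return wait

    def acquire(self):
        # Stop before the fifth invalid command instead of retrying bad credentials.
        if self.auth_failures >= MAX_INVALID_COMMANDS - 1:
            raise RuntimeError("repeated login failures: fix credentials before retrying")
        while (wait := self.wait_time()) > 0:
            self.sleep(wait)
        self.attempts.append(self.clock())

    def record_auth_failure(self):
        self.auth_failures += 1

    def record_success(self):
        self.auth_failures = 0

    def record_connection_closed(self):
        # Symptom from the article ("Connection Closed by UNKNOWN Port 65535"):
        # assume the IP is on the auto-ban list and pause for the unban time.
        self.blocked_until = self.clock() + UNBAN_AFTER_S
```

Wrap each connect in the SFTP job with acquire(), and call the matching record_* method on a failed login, a successful login, or an abrupt close.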
Keywords
eft, sFTP, permaban, autoban, banlist, security policy, SFTP, Public IP, Connection Closed by UNKNOWN Port 65535 , KBA , LOD-SF-PLT-FTPE , SFTP Login Errors , LOD-SF-PLT-SFTP , LOD-SF-PLT-SFTP , LOD-SF-PLT-SEC , Security Reports , How To
Product
SAP SuccessFactors HCM Core all versions
SAP Knowledge Base Article - Public