Symptom
- Connections/attempts/transfers considered invalid commands will get banned and will follow this rules
- Sending an invalid password is considered an "invalid command"
- Connection flood or DoS attacks can be prevented with this measures
Environment
SAP SuccessFactors HXM Suite
Resolution
- Depending on the security level, the following policies will apply:
- A brief explanation and example on 'Medium' level:
"Our SFTP service autoban configurations are set to ‘Disconnect User After 5 Invalid Commands’ and the sensitivity configuration is set to ‘Medium’.
Medium means that – 1000 are fail points which trigger recognition of an attack. It takes 100 seconds for the 1000 fail points to return back to 0 when the attack is no longer occurring.
For this case the ‘connection oriented attack setting’ is the impactful one. The ban limit for connections is 20 within 10 seconds.
The time needed to unban the IP address after being banned is 30 seconds." - If you are unable to connect to SFTP, create Support case and provide your Public IP address and we will confirm if you are on the auto ban list.
Keywords
eft, sFTP, permaban, autoban, banlist, security policy,SFTP, Public IP , KBA , LOD-SF-PLT , Platform Foundational Capabilities , LOD-SF-PLT-SFTP , LOD-SF-PLT-SFTP , LOD-SF-PLT-SEC , Security Reports , How To
Product
SAP SuccessFactors HCM Core all versions