SAP Knowledge Base Article - Public

2290580 - Auto-ban rules for SFTP servers

Symptom

  • Connections/attempts/transfers considered invalid commands will get banned and will follow this rules
  • Sending an invalid password is considered an "invalid command"
  • Connection flood or DoS attacks can be prevented with this measures

Environment

SAP SuccessFactors HXM Suite

Resolution

  • Depending on the security level, the following policies will apply:
    SFTP Auto-Ban Characteristics and Security Levels.png
  • A brief explanation and example on 'Medium' level:
    "Our SFTP service autoban configurations are set to ‘Disconnect User After 5 Invalid Commands’ and the sensitivity configuration is set to ‘Medium’.
    Medium means that – 1000 are fail points which trigger recognition of an attack. It takes 100 seconds for the 1000 fail points to return back to 0 when the attack is no longer occurring.
    For this incident the ‘connection oriented attack setting’ is the impactful one. The ban limit for connections is 20 within 10 seconds.
    The time needed to unban the IP address after being banned is 30 seconds."
  • If you are unable to connect to SFTP, create Support incident and provide your Public IP address and we will confirm if you are on the auto ban list.

Keywords

eft, sFTP, permaban, autoban, banlist, security policy,SFTP, Public IP , KBA , LOD-SF-PLT , Platform Foundational Capabilities , LOD-SF-PLT-SFTP , LOD-SF-PLT-SFTP , LOD-SF-PLT-SEC , Security Reports , How To

Product

SAP SuccessFactors HXM Core all versions