How to get your IP banned


Top   SNIP Knowledge Base

Ban Thresholds

The SNIP node on the RTK2go site employs the SNIP IP tracking logic to detect and block addresses that continually abuse the machine in an attempt to connects or to attack it.  The thresholds are set at a high level, and the period of the ban is very short, as this site often has novice users connecting to it.

A count is kept of the number of “bad” or failed connections seen for every IP address.  This value is reset on any successful connection or after a period of non use.  If the value grows too large (thousands of failed connections) the IP is banned for a period of time (~15 minutes).  These are all threshold values which the operator can set.  An aggressive NTRIP Client can get itself banned by attempting to connect once per second for a hour or two.  A more normal NTRIP Client might see this after 2 days of trying to connect without success.

In either event, the client will get either a 40x reply message or an html page back until the banned period has passed at which time its connection will again be processed.   In the RTK2go.com site configuration, we send the Caster Table as an html page when non NTRIP Clients connect in the hopes that the connection user will read it and understand what is occurring.  If a browser connects from a banned IP, an minimalist html page is returned.

The most common cause of this event is benign; it is simply an NTRIP Client trying to connect to a stream that does not exist.   If this happens to your device, it indicates you have some fundamental issues with your connection you need to work out.

Helpful Hints: If the NTRIP Client is another SNIP device, and the SNIP2SNIP protocol is enabled on the Caster (in the prefs dialog), the mis-connected Client will receive some additional messages to assist the them to determine what corrective action to take.

The second most common cause is a device that correctly connects but then never sends any data.  After 15 seconds of no activity, SNIP disconnects these data streams.

 


If Banned

A Ban state can last from  minutes to days depending how the SNIP node has been set.  Here a period of 15 minutes is typically used.  SNIP also provides for permanent bans of an IP in the Pro model and we have had to use that in some rare cases.

Because the ban affects the IP itself (not the port used), you can often use a browser to see if your own node has been banned. If banned, you will see a message similar to the below while the ban lasts.  To protect the Caster, no further information is provided.

The NTRIP Caster has banned your IP:
The IP address XXX.XX.XX.XXX has been Banned from connecting to the Caster.
This IP has failed to connect over 30 times in a row without success. Once the ban period has lapsed you will be permitted to try and log on again.
During the ban period all IP requests (including obtaining a Caster Table) are denied. Please check your log-on details and the mountPt string you are sending. This event most often occurs due to incorrect user settings with sustained rapid retries. Please take a look at your NTRIP Client settings before contacting the operator.

 


Usage Thresholds

The SNIP node on the RTK2go site is for all, but needs to be shared.   This is mostly a data input concern (not one of how many end users), there are roughly a hundred other data streams along with yours.

More than 5+ PUSH-In connection from the same IP, or sending in multiple data stream a with message rates greater than 1Hz are good ways to get noticed.   Noticed in this case means a 24 hour ban on the IP used.

There are many valid reasons to do this sort of thing, but please consider just getting your own copy of SNIP to try them on.

 


For SNIP Owner / Operators

SNIP operators are advised to set these levels much lower on their own machines.

Using the IP Ban control settings are discussed further here, and here,  on the knowledge base site.


For those connecting to RTK2go with a SNIP device.

For SNIP-2-SNIP connections the RTK2go Caster will also send back additional details in a report regarding why the connection failed.  This is part of the proprietary interactive protocol implemented by SNIP on top of the NTRIP layer.  These reports are displayed on the receiving SNIP console so that the sender can take corrective measures.  While this feature is enabled on this SNIP node, please be aware that the owners / operators of other nodes may elect to disable this.