Welcome to ISAserver.org
TCP per minute exceeded lockout
TCP per minute exceeded lockout - 14.Feb.2007 9:36:56 AM
paul_psmith
Posts: 53
Joined: 2.Nov.2006
Status: offline
I am getting alerts on the TCP connections per minute being exceeded. It says in the alert that this IP will be blocked from creating new connections for 1 minute. I would like to increase this to 15 minutes. Is there any way to do this? I can't find any way to configure this from the GUI. Is there a registry tweak or a script that can change this?

Error message follows:

The number of TCP connections per minute from the source IP address 219.91.72.253 exceeded the configured limit. ISA Server will not allow the creation of new TCP connections from this source IP address during a system-defined time period. By default, this time period is 1 min.

Thanks
PS
RE: TCP per minute exceeded lockout - 14.Feb.2007 9:58:45 AM
paul_psmith
Posts: 53
Joined: 2.Nov.2006
Status: offline
I don't have that option. Thanks PS
RE: TCP per minute exceeded lockout - 21.Feb.2007 11:43:03 AM
paul_psmith
Posts: 53
Joined: 2.Nov.2006
Status: offline
Since no one responded to my last post about me not having this option, I had to call MS. I have found the responses on this site to sometimes sort of disappear. This would have been an easy question for someone to answer from the site, but I ended up having to blow some of our select contract with MS to get this really simple answer.

Short answer is that this feature has been removed from ISA 2006. The screen shot that elmajdal sent was from ISA 2004 and I have 2006. There is a registry tweak for it, however...

Long answer is an interesting way this feature functions. If you change this setting it does not just modify the amount of time an IP is blocked from making new connections. It also modifies the amount of time that a large number of connections can be made. It also has an interesting characteristic in the lockout. Here is how it works:

If an IP tries to make 600 connections per minute, ISA server will not allow any more connections for the remainder of that minute. So if an IP makes 600 connections in the first 5 seconds, it will be blocked for 55 seconds. If it makes 600 connections in 30 seconds, it will only be blocked for 30 seconds. Got it?

So why can't we increase the no new connections time so the IP address will be locked out longer? Nice try. Apparently the setting also modifies the time for the number of connections to be exceeded. So if you want to change the time to 10 minutes so the client can't connect for 10 minutes, you have also changed the number of minutes the client has to make the 600 connections. So a client could make 600 connections in 9m 30s, and still only get locked out for 30 seconds.

I suggested they separate the two functions. Maybe in SP1...

Thanks
PS
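The window behaviour described in the post above, as an added example that is not part of the original thread and is not ISA Server code: a fixed-window counter whose block lasts only for the remainder of the counting window, next to the separated lockout timer the poster suggested. The function names, the assumption that windows are aligned to t=0, and the evenly spaced arrival times are constructed for illustration.

```python
# Added illustration, not ISA Server code. Times are in seconds.

def burst(n, duration):
    """Constructed sample input: n evenly spaced connection attempts,
    the last one arriving exactly at `duration`."""
    return [duration * (i + 1) / n for i in range(n)]

def coupled_blocks(arrivals, limit=600, window=60.0):
    """Behaviour described in the post: one setting is both the counting
    window and the block length. Hitting the limit blocks the source only
    until the current window ends. Assumes windows aligned to t=0."""
    blocks, current, count = [], None, 0
    for t in arrivals:
        idx = int(t // window)
        if idx != current:            # a new window resets the counter
            current, count = idx, 0
        count += 1
        if count == limit:            # limit reached: block to end of window
            blocks.append((t, (idx + 1) * window))
    return blocks

def separated_blocks(arrivals, limit=600, window=60.0, lockout=900.0):
    """The separation the poster asked for (hypothetical design): the counting
    window stays short, and the lockout runs on its own timer."""
    blocks, current, count, locked_until = [], None, 0, 0.0
    for t in arrivals:
        if t < locked_until:          # refused while locked out, not counted
            continue
        idx = int(t // window)
        if idx != current:
            current, count = idx, 0
        count += 1
        if count == limit:
            locked_until = t + lockout
            blocks.append((t, locked_until))
    return blocks

def blocked_seconds(blocks):
    return sum(end - start for start, end in blocks)

if __name__ == "__main__":
    for label, arrivals, win in [("600 in 5 s, 1 min window", burst(600, 5), 60.0),
                                 ("600 in 30 s, 1 min window", burst(600, 30), 60.0),
                                 ("600 in 9m30s, 10 min window", burst(600, 570), 600.0)]:
        print(label, "->", blocked_seconds(coupled_blocks(arrivals, window=win)), "s blocked")
    print("separated, 15 min lockout ->",
          blocked_seconds(separated_blocks(burst(600, 30))), "s blocked")
```
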
RE: TCP per minute exceeded lockout - 21.Feb.2007 12:26:08 PM
elmajdal
Posts: 5103
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Mmmm, I didn't notice this option was removed from ISA 2006!!! Thanks for the update.

Regards,
Tarek
_____________________________
Tarek Majdalani MS Forefront Edge Security MVP Website : http://www.elmajdal.net/ISAServer New Section : http://www.elmajdal.net/Win2k8
RE: TCP per minute exceeded lockout - 22.Feb.2007 4:46:52 AM
9belowzero
Posts: 1
Joined: 22.Feb.2007
Status: offline
I didn't notice that option either within ISA 2006, however it looks like it has been moved under "Flood Mitigation Settings"