I have the same question. Why is this really needed ? ( security ? , performance ?... maybe some sites
have so much bad pw activity that it consumes resources and saps performance ? )
Last month I wasted a day battling a "mystery problem" where all users on an important host
( a large Terminal server ) were un-able to access the NAS.
The cause of the "mystery problem" ( partial service outage ) was the new on-by-default "auto barring" feature.
Most of the auto-bars I have seen have been legit ( broken clients ...etc ) ;however,
it appears that multi-user terminal servers are frequent accidental ( not legit ) auto-bars.
Currently, I believe that the trigger for barring is:
"If , from a given IP Address, there are 21 bad logon attempts within 2 seconds,
THEN, that IP Address will be barred. "
The thresholds of this can be tuned ; however, this can be problematic since
de-sensitizing "auto-barring" to prevent non-legit auto-bars also
prevents legit "auto-bars".
The "auto-bar" feature needs a "do not bar" list .
It should be possible to add the following to the "do not bar" list
- IP Addresses
-IP Address ranges ( 184.108.40.206/16 .... etc )
- host names
The "auto-bar" feature also needs an auto-clear feature so that when the client-side issue is
resolved the bar is removed after N hours. ( the NAS admin should not have to babysit
this feature and be forced to manually remove the "bars" )
There may be an actual good reason for implementing this feature; however,
having it active-by-default was probably not a good idea since it results
in , partial, service outages. As currently implemented the feature causes some disruption
and causes some extra work for NAS admins.
> From: Abhishek Saxena via Hitachi Vantara <email@example.com>
> HNAS 13.9 introduced SMB-client-barring, a list where clients are automatically added if they generated enough unauthenticated
> requests to HNAS. Why is this functionality needed?
> Other NAS products out there do not seem to have a need of similar blocking in place.