Users Guide
Configuring Security Features 215
IP Blocking
IP blocking dynamically determines when excessive login failures occur from
a particular IP address and blocks (or prevents) the address from logging into
the DRAC 5 for a preselected time span.
IP blocking is configured through properties in the cfgRacTuning group, which set:
• The number of allowable login failures
• The timeframe in seconds within which these failures must occur
• The amount of time in seconds for which the "guilty" IP address is prevented
from establishing a session after the total allowable number of failures is
exceeded
As login failures accumulate from a specific IP address, they are "aged" by an
internal counter. When the user logs in successfully, the failure history is
cleared and the internal counter is reset.
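The following Python model is an added example, not DRAC 5 firmware code or anything from the guide. It replays constructed login events against the three cfgRacTune properties to show how the count, window, and penalty interact. It assumes that reaching the failure count starts the penalty and that "aging" means failures older than the window are discarded. The parameter values are constructed, not documented defaults.

```python
from collections import defaultdict, deque

class IpBlockModel:
    """Assumed model of the documented behaviour (hypothetical class name)."""

    def __init__(self, fail_count, fail_window, penalty_time):
        self.fail_count = fail_count      # cfgRacTuneIpBlkFailCount
        self.fail_window = fail_window    # cfgRacTuneIpBlkFailWindow, seconds
        self.penalty_time = penalty_time  # cfgRacTuneIpBlkPenaltyTime, seconds
        self.failures = defaultdict(deque)  # ip -> times of recent failures
        self.blocked_until = {}             # ip -> time the penalty ends

    def attempt(self, ip, now, password_ok):
        """Return 'refused', 'ok' or 'failed' for one login attempt."""
        if now < self.blocked_until.get(ip, 0):
            return "refused"  # rejected regardless of credentials
        recent = self.failures[ip]
        # Assumption: aging drops failures that fell outside the window.
        while recent and now - recent[0] >= self.fail_window:
            recent.popleft()
        if password_ok:
            recent.clear()    # a successful login clears the failure history
            return "ok"
        recent.append(now)
        if len(recent) >= self.fail_count:
            self.blocked_until[ip] = now + self.penalty_time
            recent.clear()
        return "failed"

def replay(events, **params):
    model = IpBlockModel(**params)
    return [model.attempt(ip, t, ok) for t, ip, ok in events]

# Constructed sample events: (time in seconds, source IP, password correct?)
EVENTS = [
    (0, "192.0.2.10", False),
    (10, "192.0.2.10", False),
    (20, "192.0.2.10", False),     # third failure within 60 s: penalty starts
    (30, "192.0.2.10", True),      # valid password, still refused
    (40, "198.51.100.7", False),   # other addresses are unaffected
    (319, "192.0.2.10", True),     # one second before the penalty ends
    (320, "192.0.2.10", True),     # penalty over
    (400, "203.0.113.5", False),   # failures 70 s apart age out of the
    (470, "203.0.113.5", False),   # 60 s window, so the count never
    (540, "203.0.113.5", False),   # reaches the threshold
    (541, "203.0.113.5", True),
]

if __name__ == "__main__":
    outcomes = replay(EVENTS, fail_count=3, fail_window=60, penalty_time=300)
    for (t, ip, _), result in zip(EVENTS, outcomes):
        print(f"t={t:>3}s {ip:<13} {result}")
```

The last four events show why the window matters when choosing values: failures spaced wider than the window are aged out and never count toward a block.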
NOTE: When login attempts are refused from the client IP address, some SSH
clients may display the following message:
ssh exchange identification: Connection closed by remote host.
See "DRAC 5 Property Database Group and Object Definitions" for a
complete list of cfgRacTune properties.
Table 11-16 lists the user-defined parameters.

Table 11-16. Login Retry Restriction Properties

Property                   Definition
cfgRacTuneIpBlkEnable      Enables the IP blocking feature. When consecutive failures (cfgRacTuneIpBlkFailCount) from a single IP address are encountered within a specific amount of time (cfgRacTuneIpBlkFailWindow), all further attempts to establish a session from that address are rejected for a certain timespan (cfgRacTuneIpBlkPenaltyTime).
cfgRacTuneIpBlkFailCount   Sets the number of login failures from an IP address before the login attempts are rejected.