[ic] Possible bug: Too many new ID assignments for this IP address

Mike Heins mike at perusion.com
Wed Aug 24 12:57:46 EDT 2005 

Quoting John1 (list_subscriber at yahoo.co.uk):
> On Wednesday, August 24, 2005 2:45 PM, mike at perusion.com wrote:
> 
> >Quoting John1 (list_subscriber at yahoo.co.uk):
> >>On Wednesday, August 24, 2005 2:29 AM, mike at perusion.com wrote:
> >>
> >>Consequently the addr_ctr/IP file will keep counting up unless there
> >>is a *gap* of greater than "limit robot_expire" before a new session
> >>id is requested by the same IP address.
> >
> >Yes, this is correct.
> >
> >>
> >>i.e.  So if you use "Limit robot_expire 0.05", provided there are at
> >>least 2 requests per hour for a new session id from the same IP
> >>address the addr_ctr/IP file will keep counting up forever.
> >
> >Well, until it locks someone out for an hour.
> >
> Except it is highly likely to be a lot longer than an hour (possibly 
> indefinitely) if the IP in question is a large ISP's proxy server (using 
> NAT as do NTL and AOL in the UK - 2 of the biggest ISPs in the UK).  Has 
> anybody any idea why AOL operate these NAT proxies?

Should not happen. Since you don't assign a new session, and the counter
gets incremented only at that time, after an hour of no new session
you can get one.

> 
> >>
> >>Then after a few days or weeks RobotLimit will eventually be
> >>exceeded and the IP address will then be *permanently* locked out.
> >>By permanent I mean until there is a gap of at least 1 hour between
> >>requests for new session ids from the IP address in question.
> >
> >Aha, there is my misunderstanding. I didn't see an hour as
> >permanent.... 8-)
> >
> But do you understand why I use the word permanent?  The IP *will* be 
> locked out essentially permanently if it belongs to an ISP operating NAT 
> proxies.

No, I am afraid I don't.

> 
> If RobotLimit is set to 500, then whilst it may take a little while for the 
> 500 to be reached, once it has been reached the shutter comes down and the 
> count_ip code operates like a latch as only *one* new session id per hour 
> is required to *keep* the latch closed, not 500!

You can't get a new session after you are locked out -- if you can, there
is an error in the code. 

> 
> And also note that RobotLimit 500 doesn't actually require traffic of 500 
> per hour for addr_ctr/IP to eventually reach 500.  All that is needed is at 
> least *one* new session id per hour provided that it never drops below 
> *one* new session id per hour for the number of hours it takes to reach a 
> count of 500.
> 
> If a proxy server's IP address is active enough to trip the RobotLimit 500 
> then what we are saying is that it is likely to be requesting well in 
> excess of 1 new session id per hour.  If not, it would have been unlikely 
> to have made it all the way to 500 without the addr_ctr/IP being reset.  
> The trouble is that once the 500 limit has been crossed *only* 1 new 
> session_id per hour is required to keep the latch closed and so lock out 
> probably will be permanent for this IP address.
> 
> >Looking at it, it may indeed be less than ideal. Perhaps someone can
> >suggest an algorithm -- nothing clean and correct comes to my mind
> >(new file every day, counting down instead of up if time >
> >Limit->robot_expire * .1, etc.).
> >
> >In the interim, I would think
> >
> >Limit robot_expire 0.002
> >
> >would work in all but the most extreme cases, where again I suggest
> >you need more than RobotLimit to defend you from the onslaught.
> >
> That's a fair point.  I hadn't given any thought to the use of Limit 
> robot_expire with very small values.  A value of 0.002 would means that 
> addr_ctr/IP would be deleted if there were no accesses from the same IP for 
> 3 minutes.

Not no accesses, no new sessions.

> I guess that would work most of the time as I suppose in the 
> middle of the night (if not during the day) requests for new session ids 
> are likely to drop below this level at least once and therefore the 
> addr_ctr/IP file will at least be deleted once every 24 hours.
> 
> At the same time I suppose a 3 minute expiry limit is long enough to 
> provide protection against unrecognised and unruly robots causing lots of 
> new sessions to be spawed in quick succession - I guess this would tend to 
> happen over a timeframe of seconds rather than minutes, so the 3 minutes 
> should be sufficient to mitigate against this.  Is this assumption correct? 
> Do I understand the issue of runaway robots correctly?
> 

That is why I think it is probably good enough. In fact, so good
that I may just pick 0.003 as the new value to put in the foundation
catalog.cfg.

-- 
Mike Heins
Perusion -- Expert Interchange Consulting    http://www.perusion.com/
phone +1.765.647.1295  tollfree 800-949-1889 <mike at perusion.com>

People who want to share their religious views with you
almost never want you to share yours with them. -- Dave Barry

More information about the interchange-users mailing list