Russian incursion... to my bulletin board.

Dennis Straffin dennis at straffin.net
Mon May 28 16:34:54 EDT 2018


Can't you use something like fail2ban? It watches logs for auth failures to block IPs via iptables.

Docs for WWIV BBS:
http://docs.wwivbbs.org/en/latest/fail2ban


- Dennis

On May 28, 2018 1:16:42 PM EDT, Ken D'Ambrosio <ken at jots.org> wrote:
>Hey, all. I belong to the last of a dying breed, a bulletin board. (No,
>we no longer do dialup; it's accepted telnet since '90 or so.) And it's
>currently under the purview of someone, though he hasn't been able to
>give it the attention it needs, so I think it's about to go to Digital
>Ocean. (Indeed, as I type this, it's offline -- which is responsible
>for the whole line of thinking for this e-mail.) Migration would
>normally be unremarkable, and not require an e-mail here, but... the
>damn Russian botnet problem (the one that brought Dyn down last year)
>has also caused us an issue. The current admin has largely mitigated it
>through blacklists, but I was wondering if there might be a more
>graceful approach. Issue: the botnet attempts to expand by searching
>for other embedded devices (generally, cameras)... by way of port 23.
>Telnet. At any given time, we may have a dozen bogus connections from
>botnets, all trying to log in as "admin". Of course, they fail, but
>they chew up ports, and seem to even have uncovered a bug in the BBS
>code, just by raw number of connections. Can anyone think of a way to
>act as a proxy and:
>* Accept a telnet connection
>* Offer a login prompt
>* Reject/close the connection if the username offered is "admin"
>* Forward on the connection/credentials and act as a proxy if it's
>  literally anything else?
>
>I've taken a stab at it in Ruby, but seem to have issues understanding
>exactly how the telnet module works...
>
>Thanks kindly for any thoughts or insights,
>
>-Ken
>
>P.S. If/when it comes back up: telnet://bbs.iscabbs.com if you're that
>interested in logging in like it's 1993. Apologies to Prince.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
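
The proxy described in the quoted message (accept the telnet connection, prompt, drop "admin", forward anything else), as an added Ruby example that is not part of either e-mail and uses plain sockets rather than a telnet library. It assumes the BBS asks for the login name first; `strip_telnet`, `read_username`, `blocked?` and `handle` are hypothetical names.

```ruby
require "socket"

# Constructed example: pre-login telnet filter that sits in front of the BBS.
BLOCKED = %w[admin].freeze  # the username the botnet logins use, per the thread
# IAC SB ... IAC SE | IAC WILL/WONT/DO/DONT option | IAC + any other command byte
TELNET_SEQ = /\xFF(?:\xFA.*?\xFF\xF0|[\xFB-\xFE].|.)/mn

# Drop telnet negotiation; an escaped IAC IAC becomes one literal 0xFF byte.
def strip_telnet(raw)
  raw.b.gsub(TELNET_SEQ) { |m| m == "\xFF\xFF".b ? "\xFF".b : "" }
end

# Read one line, bounded in size and time; return the username or nil.
def read_username(io, limit: 256, timeout: 10)
  buf = "".b
  until (line = strip_telnet(buf)).match?(/[\r\n]/) || buf.bytesize >= limit
    return nil unless IO.select([io], nil, nil, timeout)
    buf << io.readpartial(limit)
  end
  line.split(/[\r\n]/, 2).first.to_s.strip
rescue EOFError, SystemCallError
  nil
end

# Assumption: silence, empty names and case variants of "admin" are also dropped.
def blocked?(name)
  name.nil? || name.empty? || BLOCKED.include?(name.downcase)
end

# Prompt, filter, then replay the username to the backend and relay both ways.
def handle(client, host, port)
  client.write("login: ")
  name = read_username(client)
  return :rejected if blocked?(name)
  backend = TCPSocket.new(host, port)
  backend.write(name + "\r\n")  # assumes the BBS reads the login name first
  [[client, backend], [backend, client]].map { |src, dst|
    Thread.new { IO.copy_stream(src, dst) rescue nil; dst.close_write rescue nil }
  }.each(&:join)
  :forwarded
ensure
  client.close; backend&.close
end

# Usage: ruby telnet_filter.rb LISTEN_PORT BBS_HOST BBS_PORT
if ARGV.size == 3
  server = TCPServer.new(ARGV[0].to_i)
  loop { Thread.new(server.accept) { |c| handle(c, ARGV[1], ARGV[2].to_i) } }
end
```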