<html><head></head><body>Can't you use something like fail2ban? It watches logs for auth failures to block ips via iptables.<br>
<br>
Docs for wwiv bbs:<br>
<a href="http://docs.wwivbbs.org/en/latest/fail2ban">http://docs.wwivbbs.org/en/latest/fail2ban</a><br>
<br>
<br>
- Dennis<br><br><div class="gmail_quote">On May 28, 2018 1:16:42 PM EDT, Ken D'Ambrosio <ken@jots.org> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">Hey, all. I belong to the last of a dying breed, a bulletin board. (No, <br>we no longer do dialup; it's accepted telnet since '90 or so.) And it's <br>currently under the purview of someone, though he hasn't been able to <br>give it the attention it needs, so I think it's about to go to Digital <br>Ocean. (Indeed, as I type this, it's offline -- which is responsible <br>for the whole line of thinking for this e-mail.) Migration would <br>normally be unremarkable, and not require an e-mail here, but... the <br>damn Russian botnet problem (the one that brought Dyn down last year) <br>has also caused us an issue. The current admin has largely mitigated it <br>through blacklists, but I was wondering if there might be a more <br>graceful approach. Issue: the botnet attempts to expand by searching <br>for other embedded devices (generally, cameras)... by way of port 23. <br>Telnet. At any given time, we may have a dozen bogus connections from <br>botnets, all trying to log in as "admin". Of course, they fail, but <br>they chew up ports, and seem to even have uncovered a bug in the BBS <br>code, just by raw number of connections. Can anyone think of a way to <br>act as a proxy and:<br>* Accept a telnet connection<br>* Offer a login prompt<br>* Reject/close the connection if the username offered is "admin"<br>* Forward on the connection/credentials and act as a proxy if it's <br>literally anything else?<br><br>I've taken a stab at it in Ruby, but seem to have issues understanding <br>exactly how the telnet module works...<br><br>Thanks kindly for any thoughts or insights,<br><br>-Ken<br><br>P.S. If/when it comes back up: telnet://bbs.iscabbs.com if you're that <br>interested in logging in like it's 1993. Apologies to Prince.<br><hr><br>gnhlug-discuss mailing list<br>gnhlug-discuss@mail.gnhlug.org<br><a href="http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/">http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/</a><br></pre></blockquote></div><br>
-- <br>
Sent from my Android device with K-9 Mail. Please excuse my brevity.</body></html>