Re: Russian incursion... to my bulletin board.
Get blockhosts, it works very well across multiple services using multiple methods:
https://www.aczoom.com/archive-2016/blockhosts/

mark

On Mon, May 28, 2018 at 1:16 PM, Ken D'Ambrosio wrote:
> Hey, all. I belong to the last of a dying breed, a bulletin board. (No,
> we no longer do dialup; it's accepted telnet since '90 or so.) And it's
> currently under the purview of someone, though he hasn't been able to
> give it the attention it needs, so I think it's about to go to Digital
> Ocean. (Indeed, as I type this, it's offline -- which is responsible
> for the whole line of thinking for this e-mail.) Migration would
> normally be unremarkable, and not require an e-mail here, but... the
> damn Russian botnet problem (the one that brought Dyn down last year)
> has also caused us an issue. The current admin has largely mitigated it
> through blacklists, but I was wondering if there might be a more
> graceful approach. Issue: the botnet attempts to expand by searching
> for other embedded devices (generally, cameras)... by way of port 23.
> Telnet. At any given time, we may have a dozen bogus connections from
> botnets, all trying to log in as "admin". Of course, they fail, but
> they chew up ports, and seem to even have uncovered a bug in the BBS
> code, just by raw number of connections. Can anyone think of a way to
> act as a proxy and:
> * Accept a telnet connection
> * Offer a login prompt
> * Reject/close the connection if the username offered is "admin"
> * Forward on the connection/credentials and act as a proxy if it's
>   literally anything else?
>
> I've taken a stab at it in Ruby, but seem to have issues understanding
> exactly how the telnet module works...
>
> Thanks kindly for any thoughts or insights,
>
> -Ken
>
> P.S. If/when it comes back up: telnet://bbs.iscabbs.com if you're that
> interested in logging in like it's 1993. Apologies to Prince.
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: Russian incursion... to my bulletin board.
Can't you use something like fail2ban? It watches logs for auth failures to block ips via iptables.

Docs for wwiv bbs: http://docs.wwivbbs.org/en/latest/fail2ban

- Dennis

On May 28, 2018 1:16:42 PM EDT, Ken D'Ambrosio wrote:
> Hey, all. I belong to the last of a dying breed, a bulletin board. (No,
> we no longer do dialup; it's accepted telnet since '90 or so.) And it's
> currently under the purview of someone, though he hasn't been able to
> give it the attention it needs, so I think it's about to go to Digital
> Ocean. (Indeed, as I type this, it's offline -- which is responsible
> for the whole line of thinking for this e-mail.) Migration would
> normally be unremarkable, and not require an e-mail here, but... the
> damn Russian botnet problem (the one that brought Dyn down last year)
> has also caused us an issue. The current admin has largely mitigated it
> through blacklists, but I was wondering if there might be a more
> graceful approach. Issue: the botnet attempts to expand by searching
> for other embedded devices (generally, cameras)... by way of port 23.
> Telnet. At any given time, we may have a dozen bogus connections from
> botnets, all trying to log in as "admin". Of course, they fail, but
> they chew up ports, and seem to even have uncovered a bug in the BBS
> code, just by raw number of connections. Can anyone think of a way to
> act as a proxy and:
> * Accept a telnet connection
> * Offer a login prompt
> * Reject/close the connection if the username offered is "admin"
> * Forward on the connection/credentials and act as a proxy if it's
>   literally anything else?
>
> I've taken a stab at it in Ruby, but seem to have issues understanding
> exactly how the telnet module works...
>
> Thanks kindly for any thoughts or insights,
>
> -Ken
>
> P.S. If/when it comes back up: telnet://bbs.iscabbs.com if you're that
> interested in logging in like it's 1993. Apologies to Prince.

Russian incursion... to my bulletin board.
Hey, all. I belong to the last of a dying breed, a bulletin board. (No,
we no longer do dialup; it's accepted telnet since '90 or so.) And it's
currently under the purview of someone, though he hasn't been able to
give it the attention it needs, so I think it's about to go to Digital
Ocean. (Indeed, as I type this, it's offline -- which is responsible
for the whole line of thinking for this e-mail.) Migration would
normally be unremarkable, and not require an e-mail here, but... the
damn Russian botnet problem (the one that brought Dyn down last year)
has also caused us an issue. The current admin has largely mitigated it
through blacklists, but I was wondering if there might be a more
graceful approach. Issue: the botnet attempts to expand by searching
for other embedded devices (generally, cameras)... by way of port 23.
Telnet. At any given time, we may have a dozen bogus connections from
botnets, all trying to log in as "admin". Of course, they fail, but
they chew up ports, and seem to even have uncovered a bug in the BBS
code, just by raw number of connections. Can anyone think of a way to
act as a proxy and:
* Accept a telnet connection
* Offer a login prompt
* Reject/close the connection if the username offered is "admin"
* Forward on the connection/credentials and act as a proxy if it's
  literally anything else?

I've taken a stab at it in Ruby, but seem to have issues understanding
exactly how the telnet module works...

Thanks kindly for any thoughts or insights,

-Ken

P.S. If/when it comes back up: telnet://bbs.iscabbs.com if you're that
interested in logging in like it's 1993. Apologies to Prince.
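
The filtering proxy asked for in the message above, written out in Ruby with plain sockets as an added example (not code from this thread or from any poster). The function names, the timeout, the size cap, the ports in the usage comment, the case-insensitive match, and the assumption that the BBS asks for the username as its first input are all choices made for this sketch.

```ruby
require 'socket'
BLOCKED = %w[admin].freeze  # the login the bots in this thread try
LOGIN_TIMEOUT = 10          # seconds allowed to send a username (assumed)

# Drop telnet IAC sequences (RFC 854) that real clients send while negotiating.
def strip_telnet(data)
  data.b.gsub(/\xFF(?:\xFA.*?\xFF\xF0|[\xFB-\xFE].|[^\xFF])/mn, '')
end

# Read one line; nil on timeout, disconnect or oversized input.
# Bytes sent after the first line ending are discarded in this sketch.
def read_username(sock)
  buf = ''.b
  deadline = Time.now + LOGIN_TIMEOUT
  loop do
    return $1.strip if strip_telnet(buf) =~ /\A([^\r\n]*)[\r\n]/
    wait = [deadline - Time.now, 0].max
    return nil unless buf.bytesize < 512 && IO.select([sock], nil, nil, wait)
    buf << sock.readpartial(256)
  end
rescue EOFError, SystemCallError
  nil
end

def blocked?(name)  # case-insensitive; missing or empty names are refused too
  name.nil? || name.empty? || BLOCKED.include?(name.downcase)
end

def relay(a, b)     # copy bytes both ways until each side has finished sending
  [[a, b], [b, a]].map do |src, dst|
    Thread.new { IO.copy_stream(src, dst) rescue nil; dst.close_write rescue nil }
  end.each(&:join)
end

def handle_client(client, host, port)
  client.write('login: ')
  name = read_username(client)
  return :rejected if blocked?(name)  # the bot never reaches the BBS
  backend = TCPSocket.new(host, port)
  backend.write("#{name}\r\n")        # assumes the BBS asks for the name first
  relay(client, backend)
  :forwarded
rescue IOError, SystemCallError
  :error
ensure
  [client, backend].compact.each { |s| s.close rescue nil }
end

def run_proxy(listen_port, host, port)  # e.g. run_proxy(23, '127.0.0.1', 2323)
  server = TCPServer.new(listen_port)
  loop { Thread.new(server.accept) { |c| handle_client(c, host, port) } }
end
```

Rejected connections are closed before any socket to the BBS is opened, so they cost the proxy one short-lived thread and none of the BBS's own connection slots.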