• FidoGazette Vol 10 no 40

    From Mike Miller@1:154/30 to Daryl Stout on Fri Jul 27 01:25:02 2018
    Hello Daryl!

    09 Oct 16 12:46, you wrote to me:

    Hello Daryl!

    Hi, Mike...

    I set up a script that blacklists any IP that connects to a port
    more than 5 times in a couple minutes. iptables blocks the
    address for a few hours. If it continues trying after 3
    temporary blocks, the IP is permanently blocked.

    Basically, it is a modified version of CSF (ConfigServer
    Firewall), which is a Perl wrapper and login failure daemon for
    web-hosting providers.

    Good deal.

    Too bad Sysops have to implement such measures.

    It's pretty common for any internet-connected machine to use something like this. SSH ports get hammered by bots looking to brute-force their way into a system and have for the last 10+ years.

    I have some machines set up as "honeypots" where, if something like this hits them, the entire cluster blocks that IP address. I've definitely seen an uptick in connections to port 23 lately though. I have no idea why IOT devices insist on using telnet, as implementing ssh is simple.



    Mike


    ... Victory finds a hundred fathers, but defeat is an orphan.
    --- GoldED+/LNX 1.1.5-b20160322
    * Origin: War Ensemble - warensemble.com - Appleton, WI (1:154/30)
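
The escalating block policy described in the message above, as an added example (not the poster's script and not CSF code). The window of 120 seconds and the 3-hour temporary block are assumptions standing in for "a couple minutes" and "a few hours"; the class and function names are hypothetical, and the events are constructed.

```python
from collections import defaultdict, deque

# Assumed values: the post gives only "more than 5 times in a couple minutes",
# "a few hours" and "after 3 temporary blocks".
MAX_HITS, WINDOW_S, TEMP_BLOCK_S, MAX_TEMP_BLOCKS = 5, 120, 3 * 3600, 3

class Blocker:
    def __init__(self):
        self.hits = defaultdict(deque)   # (ip, port) -> recent connection times
        self.strikes = defaultdict(int)  # ip -> temporary blocks issued so far
        self.blocked_until = {}          # ip -> expiry time, None = permanent
        self.commands = []               # firewall commands the policy would run

    def _blocked(self, ip, now):
        if ip not in self.blocked_until:
            return False
        expiry = self.blocked_until[ip]
        if expiry is None or now < expiry:
            return True
        del self.blocked_until[ip]       # temporary block has expired
        self.commands.append(f"iptables -D INPUT -s {ip} -j DROP")
        return False

    def connection(self, ip, port, now):
        """Record one connection; return 'ok', 'dropped', 'temp' or 'permanent'."""
        if self._blocked(ip, now):
            return "dropped"
        q = self.hits[(ip, port)]
        q.append(now)
        while q and now - q[0] > WINDOW_S:   # slide the time window
            q.popleft()
        if len(q) <= MAX_HITS:
            return "ok"
        q.clear()
        permanent = self.strikes[ip] >= MAX_TEMP_BLOCKS
        if not permanent:
            self.strikes[ip] += 1
        self.blocked_until[ip] = None if permanent else now + TEMP_BLOCK_S
        self.commands.append(f"iptables -I INPUT -s {ip} -j DROP")
        return "permanent" if permanent else "temp"

def replay(events):
    """Run constructed (time, ip, port) events through the policy."""
    b = Blocker()
    return [b.connection(ip, port, t) for t, ip, port in events], b

# Constructed sample (documentation address ranges): one source makes six
# connections to port 23 within a minute, another connects once to port 22.
SAMPLE = [(t, "203.0.113.7", 23) for t in range(0, 60, 10)] + [(61, "198.51.100.9", 22)]

if __name__ == "__main__":
    print(replay(SAMPLE)[0])
```
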
  • From Daryl Stout@1:19/33 to MIKE MILLER on Sat Jul 28 19:13:00 2018
    Hello Daryl!

    Hi, Mike...

    MM> It's pretty common for any internet-connected machine to use something like
    MM> this. SSH ports get hammered by bots looking to brute-force their way into a
    MM> system and have for the last 10+ years.

    And, we thought twits in the dial-up days were bad. :P

    MM> I have some machines set up as "honeypots" where, if something like this hits
    MM> them, the entire cluster blocks that IP address. I've definitely seen an uptick
    MM> in connections to port 23 lately though. I have no idea why IOT devices insist
    MM> on using telnet, as implementing ssh is simple.

    I have implemented PeerBlock on my end, and a lot of these bots have
    "no name" with their hostname. One of my users, a fellow Synchronet
    Sysop, has that, but I sent him a note to advise him to log on to an
    external FTelnet link into the BBS. It's via a proxy server in
    California, but he could still log on to the BBS. I'm going to add a
    bulletin for such...but we're in a stormy weather pattern right now, so
    the BBS is down more than up lately.

    Daryl

    ===
    ■ OLX 1.53 ■ I'm Dyslexia Of Borg. Prepare To Have Your Ass Laminated.
    --- SBBSecho 3.05-Win32
    * Origin: FIDONet: The Thunderbolt BBS - wx1der.dyndns.org (1:19/33)