• Script kiddie

    From Sean Dennis@618:618/10 to All on Mon Mar 22 17:43:30 2021
    Hello All,

    I was having some Russian script kiddie pound my telnet port so I fired up the internal OS/2 firewall and it seems to be working just fine.

    The Russians in Fidonet hate me for some reason. I even had a netmailed death threat netmailed to me in very bad pidgin English. XD

    If anyone wants a simple FAQ about using the OS/2 firewall, let me know and I'll write one up.

    Later,
    Sean

    --- GoldED/2 3.0.1
    * Origin: Outpost BBS // bbs.outpostbbs.net:10123 (618:618/10)
  • From Mike Powell@618:250/1 to SEAN DENNIS on Tue Mar 23 15:03:00 2021
    I was having some Russian script kiddie pound my telnet port so I fired up the
    internal OS/2 firewall and it seems to be working just fine.

    The Russians in Fidonet hate me for some reason. I even had a netmailed death
    threat netmailed to me in very bad pidgin English. XD

    If anyone wants a simple FAQ about using the OS/2 firewall, let me know and I'll
    write one up.

    Were they from an IPA starting with 94.232? I have been having one of
    those hit my port 27 several times a day, but in bursts that seem to be
    roughly 1/2 hour apart. I had to make some setup changes to stop them from crashing my DOS bbs.

    They don't seem to be hitting 23, though, or synchronet isn't much affected
    by it.

    Mike


    * SLMR 2.1a * Answers: $1 |a Correct answers: $5 |a Dumb looks: Free! |
    --- SBBSecho 3.12-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (618:250/1)
  • From Sean Dennis@618:618/10 to Mike Powell on Tue Mar 23 16:42:24 2021
    Hi Mike,

    Were they from an IPA starting with 94.232? I have been having one of those hit my port 27 several times a day, but in bursts that seem to be roughly 1/2 hour apart. I had to make some setup changes to stop them from crashing my DOS bbs.

    I'll have to look. The IPs themselves were kinda suspect when I ran them through ARIN. So I just did an entire Class C block with a /20 CIDR range. It's not perfect but it seems to have stopped the attacks for now.

    They don't seem to be hitting 23, though, or synchronet isn't much affected by it.

    I don't see any unusual activity on any other open ports but I am seriously considering building a pfSense machine. I'd have to move the BBS to the DMZ on my parents' router and lose the interconnectivity to the rest of the equipment in the secure LAN but it might be worth it. I'll look into it.

    Later,
    Sean


    --- Maximus/2 3.01
    * Origin: Outpost BBS // bbs.outpostbbs.net:10123 (618:618/10)
  • From Sean Dennis@618:618/10 to Sean Dennis on Tue Mar 23 16:55:14 2021
    Hi Mike,

    The CIDR ranges I have blocked:
    94.232.40.0 (255.255.240.0)
    194.61.54.0 (255.255.248.0)

    Everything seems to be working as far as the firewall doing its job.

    -- Sean


    --- Maximus/2 3.01
    * Origin: Outpost BBS // bbs.outpostbbs.net:10123 (618:618/10)
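
What the two address/mask pairs posted above actually cover, as an added example that is not part of the original thread: neither posted address is the base address of its mask, so the sketch reports the aligned network for each rule. It assumes the filter ANDs the rule address with the mask, which the thread does not confirm for the OS/2 firewall, and the sample source addresses are constructed.

```python
import ipaddress

# Address/mask pairs exactly as posted in the thread.
POSTED_RULES = [
    ("94.232.40.0", "255.255.240.0"),
    ("194.61.54.0", "255.255.248.0"),
]


def describe(address, mask):
    """Return the network a rule covers once host bits are masked off.

    Assumption: the filter ANDs the rule address with the mask. strict=False
    makes ipaddress clear those bits instead of raising ValueError.
    """
    net = ipaddress.ip_network(f"{address}/{mask}", strict=False)
    return {
        "cidr": str(net),
        "first": str(net[0]),
        "last": str(net[-1]),
        "slash24_blocks": net.num_addresses // 256,
        # False means the posted address is not the network's base address.
        "aligned": ipaddress.ip_address(address) == net.network_address,
    }


def rule_matches(src, address, mask, normalise_rule=True):
    """Evaluate one deny rule against a source address.

    normalise_rule=True : (src & mask) == (rule & mask)
    normalise_rule=False: (src & mask) == rule, so a misaligned rule never hits
    Which comparison a given firewall performs is an assumption to verify.
    """
    m = int(ipaddress.ip_address(mask))
    s = int(ipaddress.ip_address(src))
    r = int(ipaddress.ip_address(address))
    return (s & m) == ((r & m) if normalise_rule else r)


if __name__ == "__main__":
    # Constructed sample source addresses, not taken from the thread.
    samples = ["94.232.36.9", "94.232.41.7", "94.232.50.1", "194.61.56.1"]
    for address, mask in POSTED_RULES:
        print(address, mask, describe(address, mask))
        for src in samples:
            print("   ", src, rule_matches(src, address, mask),
                  rule_matches(src, address, mask, normalise_rule=False))
```

Under the masking assumption the first rule also covers addresses below 94.232.40.0, while a source at 94.232.48.0 or above still starts with 94.232 but is not matched by it.
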
  • From Mike Powell@618:250/1 to SEAN DENNIS on Wed Mar 24 15:33:00 2021
    The CIDR ranges I have blocked:
    94.232.40.0 (255.255.240.0)
    194.61.54.0 (255.255.248.0)
    Everything seems to be working as far as the firewall doing its job.

    I have not noticed that second one, but the first one is the range that was giving me grief. I got them blocked on 23 and 27.

    Mike

    * SLMR 2.1a * Buttblotting Fluid - The blue stuff on diaper commercials
    --- SBBSecho 3.12-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (618:250/1)
  • From Sean Dennis@618:618/10 to Mike Powell on Thu Mar 25 18:17:04 2021
    Mike Powell wrote to SEAN DENNIS <=-

    I have not noticed that second one, but the first one is the range that was giving me grief. I got them blocked on 23 and 27.

    I haven't had any issues after putting those into my OS/2 firewall,
    thankfully. I'm glad it worked. The kiddies were hitting so hard
    they had all four ports locked up in less than a second.

    Later,
    Sean
    ... If one synchronized swimmer drowns, do the rest drown too?
    ___ MultiMail/Win v0.52

    --- Maximus/2 3.01
    * Origin: Outpost BBS // bbs.outpostbbs.net:10123 (618:618/10)
  • From Alexander Grotewohl@618:618/10 to Sean Dennis on Fri Mar 26 07:34:02 2021
    On 03-23-21 16:42, Sean Dennis said the following...

    I don't see any unusual activity on any other open ports
    but I am seriously considering building a pfSense machine.
    I'd have to move the BBS to the DMZ on my parents' router
    and lose the interconnectivity to the rest of the equipment
    in the secure LAN but it might be worth it. I'll look into
    it.

    for mine, i just drop anyone who isn't detected as having ansi
    support. with a friendly message of course.. "get a new client,"
    should the caller ACTUALLY be a person i'd want around.


    --- Maximus/2 3.01
    * Origin: Outpost BBS // bbs.outpostbbs.net:10123 (618:618/10)
  • From Sean Dennis@618:618/10 to Alexander Grotewohl on Fri Mar 26 17:44:55 2021
    Hello Alexander,

    Friday March 26 2021 07:34, you wrote to me:

    for mine, i just drop anyone who isn't detected as having ansi
    support. with a friendly message of course.. "get a new client,"
    should the caller ACTUALLY be a person i'd want around.

    Therein lies the rub: I have callers that do not use ANSI and Maximus does not auto-detect ANSI/RIP emulation upon login^. Also, this asshole who was playing games was DDOSing me and not even letting the BBS answer ... just blowing the port up. This was a directed attack against me by a particular Russian sysop who hates me because I don't care he's some Russian stud. LOL

    It's okay though; OS/2's built-in firewall stopped his games for now.

    By the way, welcome to Micronet. I don't think I've ever seen you post in Micronet before. :D Could you introduce yourself in here? I'd like people to know who you are and how much you've helped me over the years with OS/2.

    Later,
    Sean

    ^ = I do have a MECCA script that can be run to try to do auto-detection of the caller's emulation but it is not perfect and has caused problems where the script would just hang so I quit using it.

    --- GoldED/2 3.0.1
    * Origin: Outpost BBS // bbs.outpostbbs.net:10123 (618:618/10)
  • From Alexander Grotewohl@618:618/10 to Sean Dennis on Sat Mar 27 04:53:00 2021
    On 03-26-21 17:44, Sean Dennis said the following...

    By the way, welcome to Micronet. I don't think I've ever
    seen you post in Micronet before. :D Could you introduce
    yourself in here? I'd like people to know who you are and
    how much you've helped me over the years with OS/2.

    now i feel like some sort of OS/2 elmer.. heheh

    i know Sean from back when SysopNet was a thing. basically
    the original BBS irc network that all the thebbs/sync/whatever
    ones are in one way or another related to. i feel like at that
    time you changed BBS softwares once a week or so.. hah. and i
    think by then there were only a couple of us OS/2 users in our
    user circle.

    i was probably a bit obsessed with OS/2 at the time and would
    dump any new info on anyone who would listen. in a sense Sean
    is a victim.. lol. nah, i'd say we just had a good time
    bouncing ideas off of each other with everything leading back
    to the BBS, be it programming (virtual pascal!), irc, message
    networks and whatnot. it's nice to know i was helpful. :)


    --- Maximus/2 3.01
    * Origin: Outpost BBS // bbs.outpostbbs.net:10123 (618:618/10)
  • From Kevin Nunn@618:200/1 to Alexander Grotewohl on Mon Mar 29 17:55:12 2021
    ALEXANDER GROTEWOHL wrote to SEAN DENNIS <=-

    Welcome!!

    i know Sean from back when SysopNet was a thing. basically
    the original BBS irc network that all the thebbs/sync/whatever
    ones are in one way or another related to. i feel like at that

    I should probably remember you, but back in my BBS days I had a mini
    fridge full of beer next to my BBS computer. So many memories lost :)

    I was around when STN (Sysop Tech Net) started, co-founder actually,
    depending on who you believe. And I was running OS/2 back then, but was
    in/out of the community often. Once the internet hit, I moved on to
    other things. I have come back to the hobby a few times and this last
    time I have stuck around for a good while and don't plan to leave. And
    still running OS/2.

    time you changed BBS softwares once a week or so.. hah. and i

    Didn't we all!? That was part of the fun!

    Kev

    --- Telegard/2/QWK v3.09.g2-sp4/mL
    * Origin: Razor's Domain/2 BBS (618:200/1)