I have SBBS and i notice for mounth , lot of Hammering on Port 23
they want to login as admin or else , sometime 2-3 in same time for Hours and sometime for days...

Does a Feature Exist or Will Exist to Block to Hammering on SSBS ?

---
þ Synchronet þ SpaceSST BBS - mccarragher.org

Re: About Hammering
By: spacesst to All on Mon Feb 01 2016 10:29 am

I have SBBS and i notice for mounth , lot of Hammering on Port 23
they want to login as admin or else , sometime 2-3 in same time for Hours and sometime for days...

Does a Feature Exist or Will Exist to Block to Hammering on SSBS ?

Yes, search for LoginAttemptThrottle at http://wiki.synchro.net/config:sbbs.ini

digital man

Synchronet "Real Fact" #64:
Synchronet can dynamically compress and uncompress message bases (using LZH). Norco, CA WX: 60.2øF, 29.0% humidity, 6 mph W wind, 0.00 inches rain/24hrs

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Re: About Hammering
By: spacesst to All on Mon Feb 01 2016 10:29 am

I have SBBS and i notice for mounth , lot of Hammering on Port 23
they want to login as admin or else , sometime 2-3 in same time for Hours and sometime for days...

Does a Feature Exist or Will Exist to Block to Hammering on SSBS ?

block the ips
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

Re: About Hammering
By: Digital Man to spacesst on Mon Feb 01 2016 09:36:51

I have SBBS and i notice for mounth , lot of Hammering on Port 23
they want to login as admin or else , sometime 2-3 in same time for
Hours and sometime for days...

Does a Feature Exist or Will Exist to Block to Hammering on SSBS ?

Yes, search for LoginAttemptThrottle at http://wiki.synchro.net/config:sbbs.ini

Found it , Thanks
--- SBBSecho 2.33-Win32
* Origin: SpaceSST BBS (1:249/206)
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

I have SBBS and i notice for mounth , lot of Hammering on Port 23
they want to login as admin or else , sometime 2-3 in same time for

Hours

and sometime for days...

Does a Feature Exist or Will Exist to Block to Hammering on SSBS ?

block the ips

The thing is that no matter how many times you block an IP for hammering, others always appear.. I've seen some posts on Dove-Net for some auto-
blocker scripts that some sysops have written, which will automatically add
an IP address to ip.can after being hammered from them for so long.

Nightfox

---
þ Synchronet þ Digital Distortion: digitaldistortionbbs.com

Hello Digital,

On 01 Feb 16 09:36, Digital Man wrote to spacesst:

I have SBBS and i notice for mounth , lot of Hammering on Port 23
they want to login as admin or else , sometime 2-3 in same time for
Hours and sometime for days...

Does a Feature Exist or Will Exist to Block to Hammering on SSBS ?

Yes, search for LoginAttemptThrottle at http://wiki.synchro.net/config:sbbs.ini

To add to this.. does anything in that section of sbbs.ini take care of the same IP address hammering you via telnet, taking up one or more nodes at a time, sitting there, and eventually disconnecting (ie: without actually trying a name/password)?

Regards,
Nick

--- GoldED+/LNX 1.1.5-b20151129
* Origin: thePharcyde_ telnet://bbs.pharcyde.org (Wisconsin) (723:1/701)
þ Synchronet þ thePharcyde_ telnet://bbs.pharcyde.org (Wisconsin)

Re: Re: About Hammering
By: Accession to Digital Man on Mon Feb 01 2016 17:32:30

To add to this.. does anything in that section of sbbs.ini take care of the same IP address hammering you via telnet, taking up one or more nodes at a time, sitting there, and eventually disconnecting (ie: without actually trying a name/password)?

Yeah, that would be nice. I keep getting that too. I've had it lock up the system at least once for some reason.
--- SBBSecho 2.33-Win32
* Origin: The Lions Den BBS, Trenton, On, CDN (1:249/303)
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Re: About Hammering
By: Nightfox to Mro on Mon Feb 01 2016 04:10 pm

block the ips

The thing is that no matter how many times you block an IP for hammering, others always appear.. I've seen some posts on Dove-Net for some auto- blocker scripts that some sysops have written, which will automatically add an IP address to ip.can after being hammered from them for so long.

well, nothing is better than a watchful eye. i add ips manually to the .can files and my software firewall. also blocking countries helps.
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

Re: Re: About Hammering
By: Accession to Digital Man on Mon Feb 01 2016 05:32 pm

Hello Digital,

On 01 Feb 16 09:36, Digital Man wrote to spacesst:

I have SBBS and i notice for mounth , lot of Hammering on Port 23
they want to login as admin or else , sometime 2-3 in same time for
Hours and sometime for days...

Does a Feature Exist or Will Exist to Block to Hammering on SSBS ?

Yes, search for LoginAttemptThrottle at http://wiki.synchro.net/config:sbbs.ini

To add to this.. does anything in that section of sbbs.ini take care of the same IP address hammering you via telnet, taking up one or more nodes at a time, sitting there, and eventually disconnecting (ie: without actually trying a name/password)?

No, a login must be attempted.

digital man

Synchronet "Real Fact" #75:
Michael Swindell still has the "Synchronet Blimp" in his possession.
Norco, CA WX: 60.2øF, 29.0% humidity, 6 mph W wind, 0.00 inches rain/24hrs

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

01 Feb 16 16:10, you wrote to Mro:

I have SBBS and i notice for mounth , lot of Hammering on Port 23 they
want to login as admin or else , sometime 2-3 in same time for Hours
and sometime for days...

Does a Feature Exist or Will Exist to Block to Hammering on SSBS ?

block the ips

The thing is that no matter how many times you block an IP for
hammering, others always appear.. I've seen some posts on Dove-Net
for some auto- blocker scripts that some sysops have written, which
will automatically add an IP address to ip.can after being hammered
from them for so long.

this is one reason why i advocate that one use an IDS on their perimeter firewall or between their perimeter firewall and their systems... no scripts are needed... only an IDS rule to catch conections that surpass a certain level... an added benefit is that you don't block thousands or millions of addresses and only those that are causing problems ;)

)\/(ark

... It's good to be children sometimes and never better than at Christmas.
---
* Origin: (1:3634/12.73)
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

02 Feb 16 17:23, you wrote to Nightfox:

block the ips

The thing is that no matter how many times you block an IP for
hammering, others always appear.. I've seen some posts on Dove-Net for
some auto- blocker scripts that some sysops have written, which will
automatically add an IP address to ip.can after being hammered from
them for so long.

well, nothing is better than a watchful eye. i add ips manually to the .can files and my software firewall. also blocking countries helps.

ha! newbie!! ;) ;) ;) ;) ;) ;) ;)

)\/(ark

... Modem sex begins with a handshake.
---
* Origin: (1:3634/12.73)
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Re: About Hammering
By: mark lewis to Mro on Tue Feb 02 2016 08:47 pm

well, nothing is better than a watchful eye. i add ips manually to the .can files and my software firewall. also blocking countries helps.

ha! newbie!! ;) ;) ;) ;) ;) ;) ;)

okay you can have north korea and russia!
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

02 Feb 16 17:02, you wrote to Accession:

http://wiki.synchro.net/config:sbbs.ini

To add to this.. does anything in that section of sbbs.ini take care of
the same IP address hammering you via telnet, taking up one or more
nodes at a time, sitting there, and eventually disconnecting (ie:
without actually trying a name/password)?

No, a login must be attempted.

are you saying that a TCP SYN/ACK connection can (easily) (D)DOS an synchronet system??

)\/(ark

... Bagel: a doughnut with rigor mortis.
---
* Origin: (1:3634/12.73)
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Re: About Hammering
By: mark lewis to Digital Man on Tue Feb 02 2016 09:12 pm

02 Feb 16 17:02, you wrote to Accession:

http://wiki.synchro.net/config:sbbs.ini

To add to this.. does anything in that section of sbbs.ini take care of
the same IP address hammering you via telnet, taking up one or more
nodes at a time, sitting there, and eventually disconnecting (ie:
without actually trying a name/password)?

No, a login must be attempted.

are you saying that a TCP SYN/ACK connection can (easily) (D)DOS an synchronet system??

Sure. Synchronet is very susceptible to (D)DOS. <shrug>

digital man

Synchronet "Real Fact" #44:
Synchronet External "Plain Old Telephone System" support was introduced in 2007.
Norco, CA WX: 60.2øF, 29.0% humidity, 6 mph W wind, 0.00 inches rain/24hrs

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Re: About Hammering
By: mark lewis to Digital Man on Tue Feb 02 2016 09:12 pm

are you saying that a TCP SYN/ACK connection can (easily) (D)DOS an synchronet system??

yeah, try it yourself.
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

02 Feb 16 21:11, you wrote to me:

well, nothing is better than a watchful eye. i add ips manually to
the .can files and my software firewall. also blocking countries
helps.

ha! newbie!! ;) ;) ;) ;) ;) ;) ;)

okay you can have north korea and russia!

they are welcome here on all the systems i host... the only time any IP is blocked is if it actually attempts to perform an attack or an undesired activity... try connecting to my system on port 3306 (or any other SQL server port)... then try connecting to any of my other servers and see what happens ;)

)\/(ark

... Before borrowing money from a friend, decide which one you need more.
---
* Origin: (1:3634/12.73)
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

02 Feb 16 21:42, you wrote to me:

the same IP address hammering you via telnet, taking up one or more
nodes at a time, sitting there, and eventually disconnecting (ie:
without actually trying a name/password)?

No, a login must be attempted.

are you saying that a TCP SYN/ACK connection can (easily) (D)DOS an
synchronet system??

Sure. Synchronet is very susceptible to (D)DOS. <shrug>

there should be a way to detect and block connection attempts that don't go anywhere or attempt to login in... maybe by keeping a table of IPs that timeout
at the login prompt? after X number of these, they're automatically added to synchronet's block list?

that might break BBS list auto-updaters though... that could be a good thing ;)
if one wants to appear on a BBS list, they could add that list's IP to their white list so that it isn't blocked... good BBS list updaters should terminate the connection properly... they might even perform an actual login and disconnect properly...

)\/(ark

... Canada didn't have a revolution to establish a continental nation!
---
* Origin: (1:3634/12.73)
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Re: About Hammering
By: mark lewis to Mro on Wed Feb 03 2016 10:10 am

well, nothing is better than a watchful eye. i add ips manually to
the .can files and my software firewall. also blocking countries
helps.

ha! newbie!! ;) ;) ;) ;) ;) ;) ;)

okay you can have north korea and russia!

they are welcome here on all the systems i host... the only time any IP is blocked is if it actually attempts to perform an attack or an undesired activity... try connecting to my system on port 3306 (or any other SQL server port)... then try connecting to any of my other servers and see what happens ;)

whats your url?
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

Re: About Hammering
By: mark lewis to Digital Man on Wed Feb 03 2016 10:16 am

there should be a way to detect and block connection attempts that don't go anywhere or attempt to login in... maybe by keeping a table of IPs that timeout at the login prompt? after X number of these, they're automatically added to synchronet's block list?

even if they're in the block list they stress the system if there's an attack.

that might break BBS list auto-updaters though... that could be a good
thing ;) if one wants to appear on a BBS list, they could add that list's
IP to their white list so that it isn't blocked... good BBS list updaters should terminate the connection properly... they might even perform an actual login and disconnect properly...

i dont know of any bbs list updaters that might do a login and disconnect "properly"; everyone's system is different.

what the service can do is tell the user that the service ip is xxx and then the user can whitelist it. i know in the past there were bbs lists that had checks like frank linhares that attempted to do checks but had false results. not sure what script he was using.


telnetbbsguide has a checker that just connects and disconnects. i'm okay with that but he got added to my blocklist by a script once.


bbsfinder has a client the user uses and that works well. When the site operator remembers to renew his domains and keep his computer in the basement running.
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

03 Feb 16 15:47, you wrote to me:

ha! newbie!! ;) ;) ;) ;) ;) ;) ;)

okay you can have north korea and russia!

they are welcome here on all the systems i host... the only time any
IP is blocked is if it actually attempts to perform an attack or an
undesired activity... try connecting to my system on port 3306 (or
any other SQL server port)... then try connecting to any of my other
servers and see what happens ;)

whats your url?

i keep forgetting that you guys don't have access to the nodelist :?

bbs.wpusa.dynip.com

)\/(ark

... Yesterday was the deadline for all complaints.
---
* Origin: (1:3634/12.73)
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

03 Feb 16 15:52, you wrote to me:

there should be a way to detect and block connection attempts that
don't go anywhere or attempt to login in... maybe by keeping a table of
IPs that timeout at the login prompt? after X number of these, they're
automatically added to synchronet's block list?

even if they're in the block list they stress the system if there's an attack.

exactly the point i try to make each time this topic comes up... blocking IPs should be done on the network's perimeter firewall so as to not stress the server(s) or any other machines on the network...

that might break BBS list auto-updaters though... that could be a good
thing ;) if one wants to appear on a BBS list, they could add that
list's IP to their white list so that it isn't blocked... good BBS list
updaters should terminate the connection properly... they might even
perform an actual login and disconnect properly...

i dont know of any bbs list updaters that might do a login and
disconnect "properly"; everyone's system is different.

there is that... so maybe those automated BBS list updaters need to go away instead of chewing up BBS nodes? i mean, imagine if you have allocated 5 nodes for telnet and there's 15 automated BBS list updaters out there... i know that this happens as i've seen it happening and traced the IPs back to these types of things... we've even discussed at least one of them in recent years... the one where the guy doesn't give his name or handle at all on the page served by his IP which is hosted at some hosting company...

what the service can do is tell the user that the service ip is xxx
and then the user can whitelist it.

what "user"? we're talking about the sysop whitelisting the service if he wants
their service to probe his system like the telnet hackers do...

i know in the past there were bbs lists that had checks like frank linhares that attempted to do checks but had false results. not sure
what script he was using.

me either...

telnetbbsguide has a checker that just connects and disconnects. i'm
okay with that but he got added to my blocklist by a script once.

yes, as long as the disconnect drops immediately and the node recycles... it is
those that sit there until the timeout period elapses that folks are complaining about...

bbsfinder has a client the user uses and that works well. When the
site operator remembers to renew his domains and keep his computer in
the basement running.

again, what "user"??

)\/(ark

... The moderator is a stupid, idiotic, good for no#@^%$@&#%# &lt;NO CARRIER&g ---
* Origin: (1:3634/12.73)
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Re: About Hammering
By: mark lewis to Mro on Wed Feb 03 2016 06:45 pm

bbsfinder has a client the user uses and that works well. When the site operator remembers to renew his domains and keep his computer in the basement running.

again, what "user"??

there is the host system and then the user.

the user has the client that updates with the host system.
that is how bbsfinder works.

with telnetbbsguide the host system polls the user's address from the list to see if it's up.
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

03 Feb 16 20:13, you wrote to me:

bbsfinder has a client the user uses and that works well. When the
site operator remembers to renew his domains and keep his computer
in the basement running.

again, what "user"??

there is the host system and then the user.

do you mean to say that the ""user"" is the sysop of the host system??

the user has the client that updates with the host system. that is how bbsfinder works.

so kinda like a DDNS updater that updates your static domain name with your dynamic IP number??

with telnetbbsguide the host system polls the user's address from the
list to see if it's up.

that's like the other lists that poll and act like hackers do that connect and don't do anything else other than tying up a node until it times out from no activity??

)\/(ark

... 14. Keep a picture of your first fish, first car, and first girl/boyfriend. ---
* Origin: (1:3634/12.73)
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Re: About Hammering
By: Nightfox to Mro on Mon Feb 01 2016 04:10 pm

block the ips

The thing is that no matter how many times you block an IP for hammering, others always appear.. I've seen some posts on Dove-Net for some auto- blocker scripts that some sysops have written, which will automatically add an IP address to ip.can after being hammered from them for so long.

it's part of being on the internet. you can block certain countries and that helps. i dont want any russians or north koreans.

trust me, nobody suffers more than i with this shit. i took over datastream and ace signed up for every get rich quick scheme and used his bbs email address.

---
þ Synchronet þ ::: BBSES.info - free BBS services :::