• blocked connections and advice

    From Edmund Wong@1:153/7083 to All on Thu Nov 25 09:02:18 2021
    Hi All,

    I was just watching the 'mis server' screen thinking about what else to do with the BBS (aside for setting up doors :P), when I noticed (and still am) connections to SSH that are being blocked.

    Since the incoming SSH port is set to something non-standard, I can only trust that these are either port-scanners or <insert favorite expletives> trying to hack into my system via ssh.

    In that past when the BBS was connected to a phone line, we wouldn't have this problem. But with the advent of BBS connected to networks, this seems to be a problem.

    Thank goodness g00r00 implemented the blocked connections feature.

    That said, how do you guys deal with this annoyance? At this point in time, I'm not accepting users; but I do log on to my BBS via telnet or ssh (both on non-standard ports).

    Thanks

    Edmund

    ... There are two types of people; those who finish what they start and

    --- Mystic BBS v1.12 A47 2021/11/22 (Linux/32)
    * Origin: Eagle's BBS (1:153/7083)
  • From Jay Harris@1:229/664 to Edmund Wong on Wed Nov 24 21:52:00 2021
    On 25 Nov 2021, Edmund Wong said the following...

    I was just watching the 'mis server' screen thinking about what else to
    do with the BBS (aside for setting up doors :P), when I noticed (and
    still am) connections to SSH that are being blocked.

    That said, how do you guys deal with this annoyance?

    I use iptables to block certain county IP blocks from connecting in the first place. Doesn't stop all of them, but it is a lot quieter when you can filter out the riftraft in the first place.

    Here's what I do:

    # Create the ipset lists
    ipset -q -N block4 hash:net
    ipset -q -N block6 hash:net family inet6

    # Download the aggregated country ipsets
    wget https://www.ipdeny.com/ipblocks/data/aggregated/cn-aggregated.zone
    wget https://www.ipdeny.com/ipv6/ipaddresses/aggregated/cn-aggregated.zone

    (Note: ipdeny.com hasn't renewed their ssl cert since May, but their site still works and they're lists are still good).

    # Populate the ipset lists
    for i in $( cat /tmp/cn4-aggregated.zone ); do ipset -q -A block4 $i; done
    for i in $( cat /tmp/cn6-aggregated.zone ); do ipset -q -A block6 $i; done


    Just repeat this step for any other regions you'd like to block (I personally do cn, ru, ir, kp & kr). A strong case could also be made for blocking br.

    Maybe geocheck the IPs that are connecting to you to see which regions may be the best to block in your circumstance.

    Once you have them all loaded you can save the ipset:

    ipset save > /etc/ipset.conf

    And then you can re-load the list on bootup:

    ipset restore < /etc/ipset.conf

    I have a rule in iptables just to drop traffic from any IP address listed in the ipset:

    iptables -A INPUT -p tcp -m set --match-set block4 src -j DROP
    ip6tables -A INPUT -p tcp -m set --match-set block6 src -j DROP


    I also use Phenom Production's botcheck mpl which makes users press ESC twice when connecting via telnet. If they don't it'll hang up on them after 15 seconds.


    Jay

    ... If everything seems easy, you have obviously overlooked something.

    --- Mystic BBS v1.12 A47 2021/11/24 (Raspberry Pi/32)
    * Origin: Northern Realms (1:229/664)
  • From Robert Wolfe@1:116/18 to Edmund Wong on Thu Nov 25 09:26:14 2021
    On 25 Nov 2021, Edmund Wong said the following...

    That said, how do you guys deal with this annoyance? At this point in time, I'm not accepting users; but I do log on to my BBS via telnet or
    ssh (both on non-standard ports).

    You could always turn of SSH connections or just let mis continue to do it's job and block the connections.

    ... The person who snores the loudest will fall asleep first

    --- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
    * Origin: fidonet.winserver.org * Cordova, TN USA (1:116/18)
  • From Edmund Wong@1:153/7083 to Jay Harris on Fri Nov 26 11:51:03 2021
    Hi Jay,

    I use iptables to block certain county IP blocks from connecting in the first place. Doesn't stop all of them, but it is a lot quieter when you can filter out the riftraft in the first place.

    As a quick measure, I just disabled the ssh server part. Sure, it won't prevent them from using the telnet port ;/

    That said, I think using your iptables way might be the best way. That way I can ssh and/or telnet into my system and not worry about 'them'.

    Thanks!

    Edmund

    ... Just another prisoner of gravity!

    --- Mystic BBS v1.12 A47 2021/11/22 (Linux/32)
    * Origin: Eagle's BBS (1:153/7083)
  • From Edmund Wong@1:153/7083 to Robert Wolfe on Fri Nov 26 11:52:18 2021
    Hi Robert,

    You could always turn of SSH connections or just let mis continue to do it's job and block the connections.

    I ended up blocking ssh connections; but will most likely implement Jay's method when I get time.

    Thanks

    Edmund

    ... I think I am, therefore, I am... I think.

    --- Mystic BBS v1.12 A47 2021/11/22 (Linux/32)
    * Origin: Eagle's BBS (1:153/7083)