[nos-bbs] JNOS with public telnet

Kerry Smith n3nxo at yahoo.com
Wed Jun 1 23:19:49 EDT 2011


Michael,
What I've got on my side of the fence here in PA is my GATEWAY machine
is wide open to anyone who wants to telnet in.  They can telnet in on the
44 IP or my commercial IP.  Once they telnet in, they can look around, read
bulls and such.  They CAN NOT telnet out, ping or send any mail, EXCEPT
sending mail to the sysop, ASKING for more perms.  After I verify them,
I'll have them send a password they want and set their account up on the
box.  
 
Here is the sticky part.  Once the user is known on the box, has his
call sign and password loaded into the ftpusers file, they MUST use that
combo to gain access to the box.  If they forget their password, then they
have to give me a yell for password change or recovery.  Mind, they can still
log in with, for example, their name or something like that and have limited access.
 
Now, if someone is sitting on a 44 address, they can log into my RF box 
directly via the netrom.  Thing is, they have to have a netrom path to the
RF box.  I'm thinking that if someone else has let them have privs to netrom
or telnet out of their box, they SHOULD have already been checked out.
This is where I'm relying on the rest of the 44 community to police their
equipment as I attempt to do.
 
Kerry - n3nxo
 


--- On Wed, 6/1/11, Michael Fox - N6MEF <n6mef at mefox.org> wrote:


From: Michael Fox - N6MEF <n6mef at mefox.org>
Subject: [nos-bbs] JNOS with public telnet
To: "'TAPR xNOS Mailing List'" <nos-bbs at tapr.org>
Date: Wednesday, June 1, 2011, 12:49 PM






What is the experience out there with allowing public telnet access to JNOS?  And, if you do allow it on your machine, what security measures have you taken?
 
Some background:  
On my Linux machine, I have iptables rules to avoid SYN attacks and rules to avoid more than X number of connections from a given host within Y amount of time.  These apply to connections to Linux as well as connections forwarded across the tunnel to JNOS.  This puts a damper on brute force attacks such as dictionary attacks.  
 
However, Linux is also running DenyHosts, which is set to disallow (forever) connections from machines that have more than X failed login attempts in a row.  This pretty much kills dictionary attacks except if they come from multiple machines.  Every day, I record at least one (sometimes two or three) machines that have been added to the denyhosts file.  So I know for sure that there is a constant flow of attack.
 
Since something like DenyHosts is not available at the JNOS level, the iptables rules can slow down, but not completely stop, brute force attacks from a given host.  So, I’m wondering if anyone with public telnet access has any other tricks up their sleeve for helping to secure JNOS.
 
Thanks,
Michael
N6MEF
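
An added example, not part of either message and not DenyHosts or JNOS code: the "more than X failed login attempts in a row" rule described above, applied to a constructed log, plus a per-username view of the multi-machine case that per-host counting misses. The log format, the sample lines and the name find_offenders are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption, not the real JNOS or sshd format):
#   <timestamp> <source IP> LOGIN <OK|FAIL> <user>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+LOGIN\s+"
    r"(?P<result>OK|FAIL)\s+(?P<user>\S+)$"
)

# Constructed sample input using documentation-only address ranges.
SAMPLE_LOG = """\
2011-06-01T12:00:01 192.0.2.10 LOGIN FAIL root
2011-06-01T12:00:03 192.0.2.10 LOGIN FAIL admin
2011-06-01T12:00:04 198.51.100.7 LOGIN FAIL n0call
2011-06-01T12:00:05 198.51.100.7 LOGIN OK n0call
2011-06-01T12:00:06 192.0.2.10 LOGIN FAIL guest
2011-06-01T12:00:07 198.51.100.7 LOGIN FAIL n0call
2011-06-01T12:00:08 203.0.113.1 LOGIN FAIL root
2011-06-01T12:00:09 203.0.113.2 LOGIN FAIL root
2011-06-01T12:00:10 203.0.113.3 LOGIN FAIL root
garbage line that does not parse
2011-06-01T12:00:11 192.0.2.10 LOGIN FAIL test
"""

def find_offenders(log_text, max_failures=2, min_sources=3):
    """Return (banned, spread).

    banned: source IPs with more than max_failures failures in a row.
    spread: users failing from >= min_sources distinct IPs (multi-machine case).
    """
    streak = defaultdict(int)    # consecutive failures per source IP
    banned = []                  # permanent, in the order they were banned
    sources = defaultdict(set)   # user -> source IPs with a failed login
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue             # skip lines that do not parse
        ip, user = m["ip"], m["user"]
        if ip in banned:
            continue             # a banned host would no longer connect
        if m["result"] == "OK":
            streak[ip] = 0       # "in a row": a success resets the count
            continue
        streak[ip] += 1
        sources[user].add(ip)
        if streak[ip] > max_failures:
            banned.append(ip)
    spread = {u: sorted(s) for u, s in sources.items() if len(s) >= min_sources}
    return banned, spread
```

On the sample, the three 203.0.113.x hosts never reach the per-host threshold, but all of them show up under the targeted username in the second return value.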