[nos-bbs] fail2ban and denial of service
Michael E Fox - N6MEF
n6mef at mefox.org
Mon Feb 9 18:13:23 EST 2015
Now that we have a consistent log file name with 2.0j.7 (and 7p), I've
started configuring fail2ban. But I just thought of this:

If I configure fail2ban to block an IP address because of, say, a "bad
login" entry in nos.log, then that will also block legitimate telnet
forwarding from that host. For example, some hacker on another BBS tries
some number of times to telnet to my BBS. Fail2ban can be configured to
block telnet after some number of failed attempts. But once telnet from
that IP is blocked, so is legitimate telnet forwarding. So one bad guy on
the remote BBS creates a denial of service for the whole BBS.

One solution between JNOS systems would be to use AXIP tunnels for
forwarding so telnet can be cut off separately. Other legitimate telnet
users from that host would still be cut off because of the one bad apple,
but at least forwarding would continue. But for other BBSs like FBB, I
don't know if AXIP is an option for forwarding.

Any thoughts? How are you guys dealing with this?
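
Added example, not part of the original message: a small replay of the scenario described above, modelling a per-source-IP ban with fail2ban's maxretry, findtime and bantime settings in simplified form. The attempt lines use a constructed format (not the real nos.log layout) and documentation-range addresses; the event names are assumptions.

```python
import re
from collections import defaultdict, deque

# Constructed connection attempts. 198.51.100.7 is the remote BBS host: one
# user there fails logins while the BBS also forwards mail from the same IP.
ATTEMPTS = """\
18:00:01 198.51.100.7 telnet bad login
18:00:09 198.51.100.7 telnet bad login
18:00:15 198.51.100.7 telnet forward session open
18:00:20 198.51.100.7 telnet bad login
18:05:00 198.51.100.7 telnet forward session open
18:06:00 203.0.113.9 telnet login ok
18:10:00 198.51.100.7 telnet forward session open
18:11:00 198.51.100.7 telnet forward session open
"""

LINE_RE = re.compile(r"^(\d\d):(\d\d):(\d\d) (\S+) telnet (.+)$")


def replay(text, maxretry=3, findtime=600, bantime=600):
    """Return (banned_until, dropped) for a ban keyed only on source IP.

    dropped lists every attempt refused while its source IP was banned,
    including sessions that were not login failures.
    """
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    banned_until = {}            # ip -> second of the day the ban expires
    dropped = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        h, mi, s, ip, event = m.groups()
        now = int(h) * 3600 + int(mi) * 60 + int(s)
        if banned_until.get(ip, -1) > now:
            # The block is per IP, so forwarding is refused with the rest.
            dropped.append((line[:8], ip, event))
            continue
        if event == "bad login":
            q = recent[ip]
            q.append(now)
            while q and now - q[0] > findtime:
                q.popleft()  # forget failures older than findtime
            if len(q) >= maxretry:
                banned_until[ip] = now + bantime
                q.clear()
    return banned_until, dropped
```

With the defaults, the third failure at 18:00:20 bans the host for ten minutes, and the two forwarding sessions inside that window are the collateral damage the message describes.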