[nos-bbs] fail2ban and denial of service

Michael E Fox - N6MEF n6mef at mefox.org
Mon Feb 9 18:32:10 EST 2015


Same problem, right?

In other words, say I have telnet forwarding set up between my machine and
AA6AA.  Then some user on AA6AA tries to telnet to my machine as root a few
times.  So I block AA6AA's IP.  Now forwarding is cut off for the whole BBS.

Hmmm.

M

> -----Original Message-----
> From: nos-bbs-bounces at tapr.org [mailto:nos-bbs-bounces at tapr.org] On Behalf
> Of Maiko Langelaar
> Sent: Monday, February 09, 2015 3:18 PM
> To: TAPR xNOS Mailing List
> Subject: Re: [nos-bbs] fail2ban and denial of service
> 
> Arrggggggg, this was supposed to go to the list ...
> 
> ---------- Forwarded message ----------
> Date: Mon, 9 Feb 2015 17:17:09 -0600 (CST)
> From: Maiko Langelaar <maiko at pcs.mb.ca>
> To: Michael E Fox - N6MEF <n6mef at mefox.org>
> Subject: Re: [nos-bbs] fail2ban and denial of service
> 
> 
> I have an experimental 'blacklist' for telnet based on some
> new tcp access mods I did a few weeks ago. It will blacklist
> any invalid logins (like root, sh, and so on) using the tcp
> access functionality. It does it immediately. I doubt the
> ip addresses blacklisted are the same ones providing good
> callsigns.
> 
> I was hoping this could wait, but I guess if you want me
> to release it for fun, I could do that ...
> 
> > If I configure fail2ban to block an IP address because of, say, a ?bad
> > login? entry in nos.log, then that will also block legitimate telnet
> > forwarding from that host.
> 
> Chances of legitimate logins to JNOS from the same IP that tried 'root'
> and
> 'sh' (so far anyways) are next to none that I've seen
> (so far that is).
> 
> M
> 
> _______________________________________________
> nos-bbs mailing list
> nos-bbs at tapr.org
> http://www.tapr.org/mailman/listinfo/nos-bbs




More information about the nos-bbs mailing list