[nos-bbs] jnos blacklist feature (was Re: Jnos memory leak with forwarding)

Maiko Langelaar maiko at pcs.mb.ca
Thu Oct 19 14:06:36 EDT 2017


I saw the part about login attempts and fail2ban, so here goes :

 > But if it's login attempts, then a useful tool is fail2ban.

I wrote an experimental feature that blacklists bad logins. It might
require 'refinements' to what people consider a bad login, but here
are the autoexec.nos entries that I use on my production system :

# run tcp watch for stale TCB entries (syn attacks) - every 5 min
tcp watch 300

# blacklist feature requires 'tcp access', at minimum you
# must have this entry FIRST in the tcp access entries.
tcp access permit all

# blacklist bad logins for 15 minutes (900 seconds)
mbox blacklist 900

Look at the release notes on my webpage, and search for the
word 'blacklist'; it's all there. You should also note the additional
'tcp access expiry' feature to keep blacklist sizes 'in control'.

Maiko



