[nos-bbs] jnos blacklist feature (was Re: Jnos memory leak with forwarding)

Gustavo Ponza g.ponza at tin.it
Thu Oct 19 16:53:22 EDT 2017

On 10/19/2017 08:06 PM, Maiko Langelaar wrote:
> I saw the part about login attempts and fail2ban, so here goes:
>
> > But if it's login attempts, then a useful tool is fail2ban.
>
> I wrote an experimental feature that blacklists bad logins. It might
> require 'refinements' to what people consider a bad login, but here
> are the autoexec.nos entries that I use on my production system:
>
> # run tcp watch for stale TCB entries (syn attacks) - every 5 min
> tcp watch 300
>
> # blacklist feature requires 'tcp access', at minimum you
> # must have this entry FIRST in the tcp access entries.
> tcp access permit all
>
> # blacklist bad logins for 15 minutes (900 seconds)
> mbox blacklist 900
>
> Look at the release notes on my webpage, and search for the
> word 'blacklist'; it's all there. You should also note the additional
> 'tcp access expiry' feature to keep blacklist sizes 'in control'.
>
> Maiko

TNX Maiko.
I used some TCP commands but not the full set of those above.

Look at the Max values inbound and outbound registered today
on the 'tun0' interface :)

  Description: SICD TCP/IP router and Hamradio server
    ifType:      Linux Tunnel interface
    ifName:      tun0
    Max Speed:   1.0 MBytes/s
    Ip: (i0ojj.ampr.org)

    The statistics were last updated Thursday, 19 October 2017 at 22:40,
    at which time 'i0ojj.ampr.org' had been up for 0:00:00.

`Daily' Graph (5 Minute Average)

               Max            Average          Current
    In  66.1 kb/s (0.8%) 952.0 b/s (0.0%) 816.0 b/s (0.0%)
    Out 17.2 kb/s (0.2%) 912.0 b/s (0.0%) 280.0 b/s (0.0%)

73 and ciao, gus i0ojj/ir0aab
A proud member of linux team
Quidquid latine dictum sit, altum videtur
