1. Forum
  2. FidoNet
  3. FN SYSOP

  • Telnet, TelnetS, and SSH Connections

    From Scott Street@1:266/625 to All on Mon Aug 11 15:50:56 2025
    To my fellow Sysop's with Telnet, TelnetS, and SSH ports open to the Internet:

    A question, perhaps even a poll, what kind of 'protection' do you have in place for abusive connections?

    For example, I already have entire country IP assignments blocked and if a host (IP) connects more then 5 times in a 60 second window, that IP is blocked, and added to my firewall's drop rules. These seems to have reduced the number of unwanted connections over the last year or so.

    Does anyone have a better scheme?

    Cheers,
    Scott

    --- Mystic BBS v1.12 A49 2024/05/29 (Linux/64)
    * Origin: <=-{ The Digital Post }-=> (1:266/625)
  • From Rob Swindell@1:103/705 to Scott Street on Mon Aug 11 15:27:34 2025
    Re: Telnet, TelnetS, and SSH Connections
    By: Scott Street to All on Mon Aug 11 2025 03:50 pm

    To my fellow Sysop's with Telnet, TelnetS, and SSH ports open to the Internet:

    A question, perhaps even a poll, what kind of 'protection' do you have in place for abusive connections?

    For example, I already have entire country IP assignments blocked and if a host (IP) connects more then 5 times in a 60 second window, that IP is blocked, and added to my firewall's drop rules. These seems to have reduced the number of unwanted connections over the last year or so.

    Does anyone have a better scheme?

    Synchronet has support for multiple schemes:

    - limiting the number of concurrent connections from the same IP address
    (authenticated connnections, e.g. logged-in users, are exempt from this)
    - auto-throttling and temp-blocking IPs with multiple consecutive failed login attempts
    - short inactivity timeout for dumb (e.g. non-ANSI) terminals

    For more info: https://wiki.synchro.net/howto:block-hackers
    --- SBBSecho 3.29-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Fernando Toledo@4:902/26 to All on Tue Aug 12 20:16:50 2025
    El 11/8/25 a las 16:50, Scott Street (1:266/625) escribió:
    To my fellow Sysop's with Telnet, TelnetS, and SSH ports open to the Internet:

    A question, perhaps even a poll, what kind of 'protection' do you have in place for abusive connections?

    For example, I already have entire country IP assignments blocked and if a host (IP) connects more then 5 times in a 60 second window, that IP is blocked, and added to my firewall's drop rules. These seems to have reduced the number of unwanted connections over the last year or so.

    Does anyone have a better scheme?

    fail2ban works fine.
    --- SBBSecho 3.27-Linux
    * Origin: Dock Sud BBS - http://bbs.docksud.com.ar (4:902/26)