• Rejecting an incoming connection

    From Paul Hayton@3:770/100 to All on Thu May 20 19:59:44 2021
    Hi guys

    As some of you may know I run an othernet in Zone 21 and have a /999 test AKA that nodes who wish to test their polling setup to my HUB can use when first setting up and before they apply and get their own node number.

    The problem I have at present is that someone has set up their BBS and is polling the HUB every 2 minutes using the test AKA. This is way too frequent, has been going on for weeks, and despite a netmail to that test system asking for the sysop to contact me to arrange their own node number, there's been no reply and no let up in polling frequency.

    I'm looking for a way for BinkD to reject the incoming connection based on something like SYS or ZYZ info presented. Is such a thing possible using a
    perl script or similar?

    Note I am not a perl guru so any suggested fix you have I'd appreciate a bit
    of hand holding to implement it.

    Also of note, setting such a block up is not my preferred choice but I have exhausted options to contact the unknown sysop and want to ensure the test
    AKA is available for others to send/receive packets from also... with a polling frequency of 2 mins the offending system gives no one else a look in.

    Thanks for your thoughts / guidance.

    Best, Paul
    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (3:770/100)
  • From Paul Quinn@3:640/1384 to Paul Hayton on Thu May 20 18:22:20 2021
    Hi! Paul,

    On 20 May 2021, Paul Hayton said the following...

    I'm looking for a way for BinkD to reject the incoming connection based
    on something like SYS or ZYZ info presented. Is such a thing possible using a perl script or similar?

    I see in the binkD FAQ that there is a way to block a known IP. Check out
    the distro .CFG file. Good luck.

    Cheers,
    Paul.

    --- Mystic BBS v1.12 A46 2020/08/26 (Linux/32)
    * Origin: Quinn's Rock - stuck in a Linux VM, again! (3:640/1384)
  • From Wilfred van Velzen@2:280/464 to Paul Hayton on Thu May 20 10:29:18 2021
    Hi Paul,

    On 2021-05-20 19:59:44, you wrote to All:

    As some of you may know I run an othernet in Zone 21 and have a /999
    test AKA that nodes who wish to test their polling setup to my HUB
    can use when first setting up and before they apply and get their own
    node number.

    The problem I have at present is that someone has set up their BBS and
    is polling the HUB every 2 minutes using the test AKA. This is way too frequent, has been going on for weeks, and despite a netmail to that
    test system asking for the sysop to contact me to arrange their own
    node number, there's been no reply and no let up in polling frequency.

    I'm looking for a way for BinkD to reject the incoming connection
    based on something like SYS or ZYZ info presented. Is such a thing possible using a perl script or similar?

    Note I am not a perl guru so any suggested fix you have I'd appreciate
    a bit of hand holding to implement it.

    Also of note, setting such a block up is not my preferred choice but I have exhausted options to contact the unknown sysop and want to ensure
    the test AKA is available for others to send/receive packets from
    also... with a polling frequency of 2 mins the offending system gives
    no one else a look in.

    Why not just block his IP (range) in your firewall? That would be the easy solution...


    Bye, Wilfred.
    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Paul Hayton@3:770/100 to Wilfred van Velzen on Thu May 20 21:19:12 2021
    On 20 May 2021 at 10:29a, Wilfred van Velzen pondered and said...

    Why not just block his IP (range) in your firewall? That would be the
    easy solution...

    because I don't really know it, and I suspect other nodes may be part of that range... I started to do this using specific IPs but the node concerned
    changed IP each day etc. so it was a bit like playing whack a mole... hence
    the thinking about using sysop name or system name
    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (3:770/100)
  • From Paul Hayton@3:770/100 to Paul Quinn on Thu May 20 21:19:32 2021
    On 20 May 2021 at 06:22p, Paul Quinn pondered and said...

    I see in the binkD FAQ that there is a way to block a known IP. Check
    out the distro .CFG file. Good luck.

    thanks, the IP seems to be dynamic so it's not so easy :(
    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (3:770/100)
  • From Alexey Fayans@2:5030/1997 to Paul Hayton on Thu May 20 12:14:54 2021
    Hello Paul!

    On Thu, 20 May 2021 at 19:59 +1200, you wrote to All:

    Also of note, setting such a block up is not my preferred choice but I have exhausted options to contact the unknown sysop and want to ensure
    the test AKA is available for others to send/receive packets from
    also... with a polling frequency of 2 mins the offending system gives
    no one else a look in.

    If your system can suffer from DoS because of a single person making single connection once in 2 minutes, imagine what happens, if someone will poll your system from a small botnet (like 100 servers) via random proxies making 10-100 connections per second each. Just for fun.

    By the way, binkd can handle multiple connections simultaneously, so I can't really imagine how a single node can cause DoS by polling your system every 2 minutes.


    ... Music Station BBS | https://bbs.bsrealm.net | telnet://bbs.bsrealm.net
    --- GoldED+/W32-MSVC 1.1.5-b20180707
    * Origin: Music Station | https://ms.bsrealm.net (2:5030/1997)
  • From Wilfred van Velzen@2:280/464 to Paul Hayton on Thu May 20 11:30:12 2021
    Hi Paul,

    On 2021-05-20 21:19:13, you wrote to me:

    Why not just block his IP (range) in your firewall? That would be the
    easy solution...

    because I don't really know it, and I suspect other nodes may be part of that range...

    It should be easy to check if your other links are in the same IP range...


    Bye, Wilfred.
    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Oli@2:280/464.47 to Paul Hayton on Thu May 20 12:52:40 2021
    Paul wrote (2021-05-20):

    I'm looking for a way for BinkD to reject the incoming connection based on something like SYS or ZYZ info presented. Is such a thing possible using a perl script or similar?

    Note I am not a perl guru so any suggested fix you have I'd appreciate a bit of hand holding to implement it.

    There is some documentation in doc/perlhooks.txt

    I think it should be possible to abort the session:

    6) after_handshake()
    - called after complete login information transferred
    - defined vars: session level 2
    - return non-empty string to abort session with that reason

    Session Data

    This variables are set for session hooks depending of their availability:

                      1 2 3   <- session vars level (see hooks description)
    $sysname            + +   remote system name
    $sysop              + +   remote sysop



    Have you built binkd with perl support?

    ---
    * Origin: . (2:280/464.47)
  • From Oli@2:280/464.47 to Paul Hayton on Thu May 20 13:13:14 2021
    Works:

    + 13:06 [2106] call to 4095:1/2@testnet
    13:06 [2106] connected
    + 13:06 [2106] outgoing session with localhost:24554
    - 13:06 [2106] OPT CRAM-MD5-999cab24e1f847d0f6ffb387ad8bb2ee
    + 13:06 [2106] Remote requests MD mode
    - 13:06 [2106] SYS 🌺
    - 13:06 [2106] ZYZ Oli
    - 13:06 [2106] LOC ⛅
    - 13:06 [2106] NDL IBNS
    - 13:06 [2106] TIME Thu, 20 May 2021 12:06:07 +0000
    - 13:06 [2106] VER binkd/1.1a-111/Linux binkp/1.1
    + 13:06 [2106] addr: 4095:1/2@testnet
    + 13:06 [2106] pwd protected session (MD5)
    - 13:06 [2106] session in CRYPT mode
    ? 13:06 [2106] aborted by Perl after_handshake(): Get lost!
    + 13:06 [2106] done (to 4095:1/2@testnet, failed, S/R: 0/0 (0/0 bytes))


    Script:
    sub after_handshake
    {
        if ($sysop eq "Oli") {
            return "Get lost!";
        }
        else
        {
            return 0;
        }
    }


    Shorter version:

    sub after_handshake
    {
        return ($sysop eq "Oli" ? "Get lost!" : 0);
    }


    I don't code in Perl, maybe there are better ways to do it.

    ---
    * Origin: . (2:280/464.47)
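
Added example (not part of the posts above and not code from the binkd distribution): the after_handshake hook generalised from one hard-coded sysop name to lists of sysop and system-name patterns, compared case-insensitively and tolerant of missing values. Only after_handshake, $sysop and $sysname come from the quoted doc/perlhooks.txt; the pattern lists, the helper names and the HOOK_SELFTEST switch are assumptions made for illustration.

```perl
use strict;
use warnings;

# Hypothetical blocklists (constructed values). Patterns are matched against
# the normalised ZYZ (sysop) and SYS (system name) strings sent by the remote.
our @BLOCKED_SYSOP   = (qr/^oli$/);
our @BLOCKED_SYSNAME = (qr/^example test bbs$/);

# Trim, collapse inner whitespace and lower-case, so " OLI " matches "Oli".
# An undefined value (remote sent nothing) becomes the empty string.
sub normalise {
    my ($s) = @_;
    $s = '' unless defined $s;
    $s =~ s/^\s+|\s+$//g;
    $s =~ s/\s+/ /g;
    return lc $s;
}

# Returns the abort reason for a blocked peer, or '' to let the session run.
sub reject_reason {
    my ($sysop, $sysname) = @_;
    my ($op, $sys) = (normalise($sysop), normalise($sysname));
    return 'sysop name blocked on the test AKA, please netmail the hub'
        if grep { $op =~ $_ } @BLOCKED_SYSOP;
    return 'system name blocked on the test AKA, please netmail the hub'
        if grep { $sys =~ $_ } @BLOCKED_SYSNAME;
    return '';
}

# binkd fills these package variables before calling the hook (session level 2).
our ($sysop, $sysname);

# Per the quoted documentation a non-empty string aborts the session with
# that reason, so the "accept" result here is the empty string.
sub after_handshake {
    return reject_reason($sysop, $sysname);
}

# Stand-alone check with constructed inputs: HOOK_SELFTEST=1 perl hook.pl
if ($ENV{HOOK_SELFTEST}) {
    my @cases = (['Oli', 'Some BBS'], [' OLI ', undef],
                 ['Paul', 'Example  Test BBS'], ['Paul', 'Agency BBS']);
    for my $c (@cases) {
        my ($o, $s) = @$c;
        my $r = reject_reason($o, $s);
        printf "%-10s %-20s => %s\n", $o // '(undef)', $s // '(undef)',
            $r eq '' ? 'accept' : "reject: $r";
    }
}
```

SYS and ZYZ are whatever the remote mailer chooses to send, so a filter like this keeps a misconfigured node off the shared test AKA but does not authenticate anyone.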
  • From Paul Hayton@3:770/100 to Alexey Fayans on Fri May 21 13:10:38 2021
    On 20 May 2021 at 12:14p, Alexey Fayans pondered and said...

    If your system can suffer from DoS because of a single person making single connection once in 2 minutes, imagine what happens, if someone

    It's not a DoS issue. But thanks for the reply.

    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (3:770/100)
  • From Paul Hayton@3:770/100 to Oli on Fri May 21 13:11:24 2021
    On 20 May 2021 at 01:13p, Oli pondered and said...

    Works:
    ? 13:06 [2106] aborted by Perl after_handshake(): Get lost!
    + 13:06 [2106] done (to 4095:1/2@testnet, failed, S/R: 0/0 (0/0 bytes))

    Thanks for the info, very helpful :)

    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (3:770/100)
  • From Paul Hayton@3:770/100 to Oli on Fri May 21 16:20:30 2021
    On 20 May 2021 at 12:52p, Oli pondered and said...

    Have you built binkd with perl support?

    Thanks for this info too :)

    Yes I have built with perl and can confirm this did the trick. Thank you for your help with one.
    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (3:770/100)