• Crazy BBS connections

    From Sam Alexander@1:103/705 to All on Mon Mar 21 12:33:52 2022
    I'm finally in a place where I can set up a new board -- probably will just be for my own benefit and the fun of doing it. I'm quite surprised at the barrage of connections I started getting right out of the gate! I'm getting telnet and ssh connections almost constantly, about 3-5 a minute if not more. Trying random usernames and such. I guess this is normal nowadays? I'm running sync at home over my broadband connection, so I guess it's people just scanning ports and IPs.

    Anyway just curious if this is quite common ... I remember it being so last time I ran a telnet board 15+ years ago, but not to this degree.
    Thanks- Sam
    --- SBBSecho 3.15-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From MRO@1:103/705 to Sam Alexander on Mon Mar 21 15:00:50 2022
    Re: Crazy BBS connections
    By: Sam Alexander to All on Mon Mar 21 2022 12:33 pm

    > I'm finally in a place where I can set up a new board -- probably will just be for my own benefit and the fun of doing it. I'm quite surprised at the barrage of connections I started getting right out of the gate! I'm getting telnet and ssh connections almost constantly, about 3-5 a minute if not more. Trying random usernames and such. I guess this is normal nowadays? I'm running sync at home over my broadband connection, so I guess it's people just scanning ports and IPs.


    uh. yeah. it's the internet.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Andre@1:103/705 to Sam Alexander on Mon Mar 21 15:46:36 2022
    Re: Crazy BBS connections
    By: Sam Alexander to All on Mon Mar 21 2022 12:33 pm

    > Anyway just curious if this is quite common ... I remember it being so last time I ran a telnet board 15+ years ago, but not to this degree.

    It was the same back then. Just bot scans looking for systems with default passwords, misconfigurations, or unpatched exploits.


    - Andre

    ---
    þ Synchronet þ Radio Mentor BBS - bbs.radiomentor.org
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nelgin@1:103/705 to Sam Alexander on Mon Mar 21 18:48:46 2022
    On Mon, 21 Mar 2022 12:33:52 -0700
    "Sam Alexander" <sam.alexander@VERT> wrote:

    > I'm finally in a place where I can set up a new board -- probably will
    > just be for my own benefit and the fun of doing it. I'm quite
    > surprised at the barrage of connections I started getting right out
    > of the gate! I'm getting telnet and ssh connections almost
    > constantly, about 3-5 a minute if not more. Trying random usernames
    > and such. I guess this is normal nowadays? I'm running sync at home
    > over my broadband connection, so I guess it's people just scanning
    > ports and IPs.

    very common.

    Example, on my fairly open linux box, these are all the attempted ssh connections within 24 hours. Deal with it with fail2ban or something
    similar - that I have but seems I need to tweak it.

    --
    End Of The Line BBS - Plano, TX
    telnet endofthelinebbs.com 23
    ---
    þ Synchronet þ End Of The Line BBS - endofthelinebbs.com
    --- SBBSecho 3.15-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
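
An added example, not part of any post in this thread: the counting rule that a tool such as fail2ban applies to sshd failure lines, run over a constructed log. The parameter names `maxretry`, `findtime` and `bantime` mirror fail2ban's jail options; the function names, host name `bbs`, log lines and documentation-range addresses are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchored at the end of the line so that text inside the attempted username
# cannot be mistaken for the source address.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\sFailed password for .*"
    r"\sfrom\s(?P<ip>[0-9A-Fa-f:.]+)\sport\s\d+\sssh2$"
)

def fail_line(clock, user, ip):
    """Build one constructed sshd failure line (host name 'bbs' is made up)."""
    return (f"Mar 21 {clock} bbs sshd[4242]: Failed password for "
            f"invalid user {user} from {ip} port 40112 ssh2")

# Constructed sample, documentation-range addresses only:
# 203.0.113.7 fails 5 times in 40 s; 198.51.100.9 fails once every 3 minutes.
SAMPLE_LOG = (
    [fail_line(f"12:00:{s:02d}", "admin", "203.0.113.7") for s in (0, 10, 20, 30, 40)]
    + [fail_line(f"12:{m:02d}:05", "pi", "198.51.100.9") for m in (0, 3, 6, 9, 12, 15)]
    + ["Mar 21 12:01:00 bbs sshd[4243]: Accepted password for sam from 192.0.2.10 port 50000 ssh2"]
)

def parse_failures(lines, year=2022):
    """Return chronologically sorted (timestamp, ip) pairs for failed logins."""
    events = []
    for line in lines:
        m = FAILED.match(line.strip())
        if m:  # syslog timestamps carry no year, so one is supplied
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"]))
    return sorted(events)

def find_bans(lines, maxretry=5, findtime=600, bantime=3600, year=2022):
    """Ban an IP once it logs `maxretry` failures within `findtime` seconds."""
    window = defaultdict(deque)  # ip -> failure times still inside findtime
    banned_until = {}            # ip -> when the current ban ends
    bans = []
    for ts, ip in parse_failures(lines, year):
        if ts < banned_until.get(ip, datetime.min):
            continue             # a firewall rule would already be dropping this
        recent = window[ip]
        recent.append(ts)
        while ts - recent[0] > timedelta(seconds=findtime):
            recent.popleft()
        if len(recent) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts, banned_until[ip]))
            recent.clear()
    return bans

if __name__ == "__main__":
    for label, ft in (("findtime=10m", 600), ("findtime=1h", 3600)):
        print(label, [ip for ip, _, _ in find_bans(SAMPLE_LOG, findtime=ft)])
```

With the 10-minute window only the burst source is banned; the source that retries every three minutes stays under the threshold until `findtime` is widened, which is the kind of tuning a slow, steady scanner calls for.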
  • From dragon@1:103/705 to Sam Alexander on Mon Mar 21 18:41:42 2022
    On 3/21/2022 3:33 PM, Sam Alexander wrote:
    > I'm finally in a place where I can set up a new board -- probably will just be for my own benefit and the fun of doing it. I'm quite surprised at the barrage of connections I started getting right out of the gate! I'm getting telnet and ssh connections almost constantly, about 3-5 a minute if not more. Trying random usernames and such. I guess this is normal nowadays? I'm running sync at home over my broadband connection, so I guess it's people just scanning ports and IPs.
    >
    > Anyway just curious if this is quite common ... I remember it being so last time I ran a telnet board 15+ years ago, but not to this degree.
    > Thanks- Sam
    >
    > ---
    > þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

    You might want to avoid using the standard ports for telnet/ssh/rlogin.

    ---
    þ Synchronet þ IPTIA - bbs2.ipingthereforeiam.com:2323
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Utopian Galt@1:103/705 to Nelgin on Mon Mar 21 18:36:30 2022
    Re: Re: Crazy BBS connections
    By: Nelgin to Sam Alexander on Mon Mar 21 2022 06:48 pm

    > Example, on my fairly open linux box, these are all the attempted ssh connections within 24 hours. Deal with it with fail2ban or something
    > similar - that I have but seems I need to tweak it.
    I think people are looking for filters that block countries and other miscreants.

    ---
    þ Synchronet þ Inland Utopia - iutopia.duckdns.org
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Sam Alexander@1:103/705 to Digital Man on Tue Mar 22 04:45:28 2022
    Re: Crazy BBS connections
    By: Digital Man to Sam Alexander on Mon Mar 21 2022 12:36 pm

    > > Anyway just curious if this is quite common ... I remember it being so last time I ran a telnet board 15+ years ago, but not to this degree.
    >
    > Yup, sounds normal.

    I guess I'll need to increase the nodes from 4 to 8, at any given time 2 to 3 are tied-up with this mess, once even all four were tied-up. Can you give more details on how LoginAttemptFilterThreshold works? I read the docs, and other than suggesting not to set below 10 I'm unsure what this does. I'm often seeing the same IP trying dozens of times, and though I've added some to the ip.can file I'm not sure I have this working correctly.

    This is on Sync built from the most current git release on Linux.
    Thanks..
    --- SBBSecho 3.15-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Sam Alexander@1:103/705 to dragon on Tue Mar 22 04:48:24 2022
    Re: Re: Crazy BBS connections
    By: dragon to Sam Alexander on Mon Mar 21 2022 06:41 pm

    > You might want to avoid using the standard ports for telnet/ssh/rlogin.

    I thought of that, but this doesn't seem to be the norm for most systems. My biggest concern is these connections tying up all the nodes, already seen it happen once. I'll probably increase from 4 to 8 due to this.
    --- SBBSecho 3.15-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Ragnarok@1:103/705 to Utopian Galt on Wed Mar 23 12:59:22 2022
    On 21/3/22 at 22:36, Utopian Galt wrote:
    > Re: Re: Crazy BBS connections
    > By: Nelgin to Sam Alexander on Mon Mar 21 2022 06:48 pm
    >
    > > Example, on my fairly open linux box, these are all the attempted ssh
    > > connections within 24 hours. Deal with it with fail2ban or something
    > > similar - that I have but seems I need to tweak it.
    > I think people are looking for filters that block countries and other miscreants.
    >
    > ---
    > þ Synchronet þ Inland Utopia - iutopia.duckdns.org

    block countries make no sense.
    use fail2ban and filter their ips that make noise on your server

    ---
    þ Synchronet þ Dock Sud BBS TLD 24 HS - bbs.docksud.com.ar
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Gamgee@1:103/705 to Ragnarok on Wed Mar 23 14:53:00 2022
    Ragnarok wrote to Utopian Galt <=-

    > block countries make no sense.

    Sometimes it does. It's easy and effective. I have dozens blocked.

    > use fail2ban and filter their ips that make noise on your server

    Harder to do, and there are too many of them.


    ... Nothing's foolproof - the idiots are too ingenious.
    --- MultiMail/Linux v0.52
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From MRO@1:103/705 to Tony Langdon on Fri Mar 25 05:29:56 2022
    Re: Re: Crazy BBS connections
    By: Tony Langdon to Ragnarok on Fri Mar 25 2022 08:25 pm

    > On 03-23-22 12:59, Ragnarok wrote to Utopian Galt <=-
    >
    > > block countries make no sense.
    > > use fail2ban and filter their ips that make noise on your server
    >
    > I agree, fail2ban works very well, and keeps the bots at bay.


    i like blocking countries, though.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Tracker1@1:103/705 to dragon on Fri Apr 1 22:07:06 2022
    On 3/21/22 15:41, dragon wrote:

    > You might want to avoid using the standard ports for telnet/ssh/rlogin.

    I disagree... I tend to prefer the "standard" ports and just accept or blacklist the bot stuff.
    --
    Michael J. Ryan - tracker1@roughneckbbs.com
    ---
    þ Synchronet þ Roughneck BBS - roughneckbbs.com
    --- SBBSecho 3.15-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From MRO@1:103/705 to Tracker1 on Sat Apr 2 06:08:00 2022
    Re: Re: Crazy BBS connections
    By: Tracker1 to dragon on Fri Apr 01 2022 10:07 pm

    > On 3/21/22 15:41, dragon wrote:
    >
    > > You might want to avoid using the standard ports for telnet/ssh/rlogin.
    >
    > I disagree... I tend to prefer the "standard" ports and just accept or blacklist the bot stuff.
    > --

    i'm with ya on that. using non standard ports when you have users
    is really stupid. it's hard enough getting them to call.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Andre@1:103/705 to dragon on Sat Apr 2 14:45:40 2022
    > There are hundreds of BBSes on non-standard ports in my database. Are
    > all these sysops "really stupid"?

    Yes.


    - Andre

    ---
    þ Synchronet þ Radio Mentor BBS - bbs.radiomentor.org
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From dragon@1:103/705 to MRO on Sun Apr 3 01:15:42 2022
    On 4/2/2022 4:51 PM, MRO wrote:
    Re: Re: Crazy BBS connections
    By: dragon to MRO on Sat Apr 02 2022 12:31 pm

    > > > i'm with ya on that. using non standard ports when you have users
    > > > is really stupid. it's hard enough getting them to call.
    > > > ---
    > >
    > > There are hundreds of BBSes on non-standard ports in my database. Are
    > > all these sysops "really stupid"?
    >
    > yes they are. i devoted the last 25 years of my life running services for sysops and users.
    >
    > you're a bit late to the show and i assume you are one of those guys that is into this stuff for the technology aspect, and learning new things.
    >
    > so yes, obviously you are doing something stupid if you make it harder for people to use your system when they can go someplace else with no hassle.

    Half of the top 10 most popular sites in the voting section of my
    website use non-standard ports. Perhaps you are selling the users short
    or inflating the degree this is a "hassle".

    I'm not late. I've just been away for a while.

    I have been involved in computer technology since 1981. I ran RBBS and PCBoard multinode dialup boards for well over a decade. I was a Fidonet coordinator with a Planet Connect feed servicing a large number of
    downstream nodes for over a decade.

    I've been managing and securing IP networks for nearly 30 years.

    Since 2017 I've become re-interested in BBSes, mostly because I was
    amazed to find out so many still existed. You're correct that I'm not
    looking to build a community on my BBS at this time.

    ---
    þ Synchronet þ IPTIA - bbs2.ipingthereforeiam.com:2323
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Andre@1:103/705 to dragon on Sun Apr 3 07:44:42 2022
    > I've been managing and securing IP networks for nearly 30 years.

    As they say, there’s always a bigger fish.

    The concept of moving to nonstandard ports is dated and not useful anymore. It accomplishes nothing other than making it more difficult for users to connect. For all the people that say otherwise, I’ll wait to see all of the examples of exploited BBS systems that were using 22/23.


    - Andre

    ---
    þ Synchronet þ Radio Mentor BBS - bbs.radiomentor.org
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From MRO@1:103/705 to dragon on Sun Apr 3 15:01:02 2022
    Re: Re: Crazy BBS connections
    By: dragon to MRO on Sun Apr 03 2022 11:27 am

    > > > coordinator with a Planet Connect feed servicing a large number of
    > > > downstream nodes for over a decade.
    > > >
    > > > I've been managing and securing IP networks for nearly 30 years.
    > > >
    > >
    > > GOOD FOR YOU.
    > >
    > > > Since 2017 I've become re-interested in BBSes, mostly because I was
    > > > amazed to find out so many still existed. You're correct that I'm not
    > >
    > > like i said, you are late to the party.
    > > ---
    > > þ Synchronet þ ::: BBSES.info - free BBS services :::
    >
    > Man, you're unpleasant. Where did the bad man touch you?

    sorry, i just don't suffer fools. you asked why something was stupid and i explained how i have focused decades on giving bbs users content with what they want. i could type for over a half an hour about what i've done for bbsing and sysops and bbs users over the past 20+ years. none of it matters now, but i did it.

    you reply back that you ran fidonet nodes.
    and you run a website that collects bbs urls and has a voting feature where sysops vote for their own bbses.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Andre on Sun Apr 3 15:02:26 2022
    Re: Re: Crazy BBS connections
    By: Andre to dragon on Sun Apr 03 2022 07:44 am

    > > I've been managing and securing IP networks for nearly 30 years.
    >
    > As they say, there's always a bigger fish.
    >
    > The concept of moving to nonstandard ports is dated and not useful anymore. It accomplishes nothing other than making it more difficult for users to connect. For all the people that say otherwise, I'll wait to see all of the examples of exploited BBS systems that were using 22/23.

    I think the reason that some sysops use non-standard ports is to cut down on bots busying their nodes (attempting logins or just waiting to timeout) and possibly denying service to legit users.
    --
    digital man (rob)

    Synchronet "Real Fact" #84:
    The Electronic Frontier Foundation used to run Synchronet (circa 1993)
    Norco, CA WX: 65.2°F, 66.0% humidity, 9 mph SSW wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.15-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Andre@1:103/705 to Digital Man on Sun Apr 3 17:34:20 2022
    > I think the reason that some sysops use non-standard ports is to cut down on bots busying their nodes (attempting logins or just waiting to timeout) and possibly denying service to legit users.

    I've been waiting for someone to say that, which is a valid reason I guess. I get maybe two concurrent attacks/scans at the very most. Whatever, still a reason that makes some sense.

    But so far, everyone who brings it up has said it's for security reasons. Which just doesn't hold water anymore.

    - Andre

    ---
    þ Synchronet þ Radio Mentor BBS - bbs.radiomentor.org
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Utopian Galt@1:103/705 to Andre on Sun Apr 3 12:54:04 2022
    Re: Re: Crazy BBS connections
    By: Andre to dragon on Sun Apr 03 2022 07:44 am

    > users to connect. For all the people that say otherwise, I'll wait to see all of the examples of exploited BBS systems that were using 22/23.
    Reducing the number of idiots and botnets trying to hammer your system is the main reason why many use non standard ports.

    ---
    þ Synchronet þ Inland Utopia - iutopia.duckdns.org:2023
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Andre@1:103/705 to Utopian Galt on Sun Apr 3 20:52:16 2022
    Re: Re: Crazy BBS connections
    By: Utopian Galt to Andre on Sun Apr 03 2022 12:54 pm

    > Reducing the number of idiots and botnets trying to hammer your system is the main reason why many use non standard ports.

    Which accomplishes pretty much nothing. No security impact. Maybe have to run a couple more nodes for the times when you end up with a couple nodes taken up by scanners and bots.


    - Andre

    ---
    þ Synchronet þ Radio Mentor BBS - bbs.radiomentor.org
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Moondog@1:103/705 to dragon on Fri Apr 8 10:57:00 2022
    Re: Re: Crazy BBS connections
    By: dragon to Digital Man on Sun Apr 03 2022 10:10 pm

    > On 4/3/2022 6:02 PM, Digital Man wrote:
    > > Re: Re: Crazy BBS connections
    > > By: Andre to dragon on Sun Apr 03 2022 07:44 am
    > >
    > > > > I've been managing and securing IP networks for nearly 30 years.
    > > >
    > > > As they say, there's always a bigger fish.
    > > >
    > > > The concept of moving to nonstandard ports is dated and not useful any
    > > > It accomplishes nothing other than making it more difficult for users
    > > > connect. For all the people that say otherwise, I'll wait to see all o
    > > > examples
    > > > of exploited BBS systems that were using 22/23.
    > >
    > > I think the reason that some sysops use non-standard ports is to cut down
    >
    > That's actually what the original poster seemed to be asking about and
    > what I thought I was providing an OPTION for him to deal with it.


    When I explain ports to my non-technical friends and co-workers, I explain the system as being a large factory building with multiple doors dedicated to specific customer or vendor traffic. If a caterer is bringing in food, you want him to use the dedicated kitchen entrance. That may bring up the argument that someone who wants to sneak in the building knows doors 22 or 23 are the kitchen entrance. You may have to lock those doors down and tell the caterer to use another entrance. Is this an issue? Not really if the caterer knows which door to bring the food in. That information is provided by the building manager. If you want to invite a select group of people in, you would have to advertise wherever else these people go and inform them as to which non-common door to enter from.

    ---
    þ Synchronet þ The Cave BBS - Since 1992 - cavebbs.homeip.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)