• Telent Spam and virtual Machines

    From Eastside75@1:103/705 to Digital Man on Fri Nov 18 04:59:24 2022
    I am running the Synch on a windows 7 32 bit VM using virtual Box on a windows 11 system.

    The IP of the VM uses a 10.* IP Mask while the host system uses 192.*

    I have port 23 forwarded in the Virtual Box software from the 10. to the 192.

    I am able to reach the BBS both locally and using the dyndns however the board is getting spammed with logon attempts which I know is well documented. I have increased the MAXCONCURRENT line in sbbs.cfg to 2 but this caused another issue I did not think about at first.

    All traffic is showing orignating from the 10. IP Mask becuase of the port forward to the VM. No logs show outside IP addresses. This limits even me logging in becuase my attempt shows from the same IP address as the scans.

    I am new to working with VM's so maybe it is something I am missing. Any insight into this?

    Thank you!

    ---
    þ Synchronet þ THUNDER-LINE - thunder.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Eastside75 on Fri Nov 18 11:49:14 2022
    Re: Telent Spam and virtual Machines
    By: Eastside75 to Digital Man on Fri Nov 18 2022 04:59 am

    I am running the Synch on a windows 7 32 bit VM using virtual Box on a windows 11 system.

    The IP of the VM uses a 10.* IP Mask while the host system uses 192.*

    I have port 23 forwarded in the Virtual Box software from the 10. to the 192.

    I am able to reach the BBS both locally and using the dyndns however the board is getting spammed with logon attempts which I know is well documented. I have increased the MAXCONCURRENT line in sbbs.cfg to 2 but this caused another issue I did not think about at first.

    All traffic is showing orignating from the 10. IP Mask becuase of the port forward to the VM. No logs show outside IP addresses. This limits even me logging in becuase my attempt shows from the same IP address as the scans.

    I am new to working with VM's so maybe it is something I am missing. Any insight into this?

    You're not going to be able to use any IP or hostname-based filtering or throttling on the BBS side with such a configuration. If you want to stick with that configuration, then you'll need to do any IP filtering/throttling in the host (not the guest) OS.
    --
    digital man (rob)

    This Is Spinal Tap quote #46:
    "Not an Exit" - we don't want an exit. Well that's true.
    Norco, CA WX: 65.1øF, 28.0% humidity, 2 mph ESE wind, 0.00 inches rain/24hrs --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deon@1:103/705 to Eastside75 on Sat Nov 19 10:07:18 2022
    Re: Telent Spam and virtual Machines
    By: Eastside75 to Digital Man on Fri Nov 18 2022 04:59 am

    Howdy,

    All traffic is showing orignating from the 10. IP Mask becuase of the port forward to the VM. No logs show outside IP addresses. This limits even me logging in becuase my attempt shows from the same IP address as the scans.

    I am new to working with VM's so maybe it is something I am missing. Any insight into this?

    What you can do is use HAPROXY and the haproxy protocol - and it can also be configured to limit the number of concurrent connections, and you can whitelist your IP address so that you are not affected by the concurrent connections.

    I've got SBBS running in docker (and docker NATs to the container) - but SBBS gets the true source IP of whoever is connecting.


    ...ëîåï

    ---
    þ Synchronet þ Alterant | an SBBS in Docker on Pi!
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Eastside75@1:103/705 to deon on Fri Nov 18 19:23:28 2022
    Re: Telent Spam and virtual Machines
    By: deon to Eastside75 on Sat Nov 19 2022 10:07 am

    Thanks for the info on HAPROXY. i tried something else first that i saw in your reply that made me go and look at the different kind of NATS available in the virtual Box. I changed it to the Bridged NAT which allowed the VM to use the same subnet as the host machine. Now I am able to see the external IP address from connections.

    The constant pings to the telnet port is frustrating but i have not seen any real damage being done in any case.

    Thanks again!

    ---
    þ Synchronet þ THUNDER-LINE - thunder.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)