• Opening up Telnet :P

    From Kevin Nunn@618:200/1 to All on Saturday, March 19, 2022 10:18:17

    Thanks to Sean's suggestion to use the (unknown to me) AIX firewall
    built into OS/2, I am opening up my telnet port again.

    Not like I have a ton of callers, but for those 1-2 a year, they can
    connect to a real TG/2 system again :P

    At first I was having trouble figuring it out but then I started to
    grasp the concept again of how iptables type stuff works and got it
    working. Although I am doing it the opposite of how I probably should,
    since it only has a few ports forwarded to it, the box should be fine.

    I am blocking specific IPs first, then allowing everything.

    This seemed like a better idea than deny everything, block by IP, then
    permit specific ports (binkd/telnet/vnc/ftp/etc).

    Kev


    --- Telegard/2/QWK v3.09.g2-sp4/mL
    * Origin: Razor's Domain/2 BBS (618:200/1)
  • From digimaus@618:618/1 to Kevin Nunn on Saturday, March 19, 2022 20:04:07
    Kevin Nunn wrote to All <=-

    At first I was having trouble figuring it out but then I started to
    grasp the concept again of how iptables type stuff works and got it working. Although I am doing it the opposite of how I probably should, since it only has a few ports forwarded to it, the box should be fine.

    The way the AIX firewall requires you to enter the subnet for the IP address instead of the CIDR range made me think for a bit until I started using an online subnet calculator. <G>

    This seemed like a better idea than deny everything, block by IP, then permit specific ports (binkd/telnet/vnc/ftp/etc).

    Make sure that the last rule you have is "deny everything". The firewall
    won't work right unless you put that rule in.

    I originally used that firewall because a particular Russian in Fidonet
    thought it fun to try to SYN flood me. Stopped him in his tracks.

    I really don't have that many issues now. My telnet port gets hammered a
    bit but I have to set up a fail2ban jail for telnet offenders.

    -- Sean

    ... Crane's Law: there ain't no such thing as a free lunch.
    --- MultiMail/Linux
    * Origin: Outpost BBS * Johnson City, TN (618:618/1)
  • From Kevin Nunn@618:200/1 to Digimaus on Sunday, March 20, 2022 13:00:17
    DIGIMAUS wrote to KEVIN NUNN <=-

    Make sure that the last rule you have is "deny everything". The
    firewall won't work right unless you put that rule in.

    Well, I don't have that and it seems to be working ok. I'll see as time
    goes on. There are only 2 rules right now. a DENY for the IP of the
    offending person and a PERMIT for everything else. And that seems to be working.

    If I end up having problems then I'll add PERMITS for
    Telnet/binkd/VNC/FTP and then deny everything else.

    I originally used that firewall because a particular Russian in Fidonet thought it fun to try to SYN flood me. Stopped him in his tracks.

    I think this guy is coming from russia too, but it's weird and not
    consistant. Sometimes he'll hit it once, other times he hits it fast
    and often. That's when vmodem has a fit.

    Kev

    --- Telegard/2/QWK v3.09.g2-sp4/mL
    * Origin: Razor's Domain/2 BBS (618:200/1)
  • From Sean Dennis@618:618/1 to Kevin Nunn on Sunday, March 20, 2022 18:32:50
    Hello Kevin,

    20 Mar 22 14:00, you wrote to Digimaus:

    Well, I don't have that and it seems to be working ok. I'll see as
    time goes on. There are only 2 rules right now. a DENY for the IP of
    the offending person and a PERMIT for everything else. And that seems
    to be working.

    That means your firewall is not working right and allowing everything. Re-read the instructions again as the AIX firewall requires an ending DENY ALL entry.

    I think this guy is coming from russia too, but it's weird and not consistant. Sometimes he'll hit it once, other times he hits it fast
    and often. That's when vmodem has a fit.

    Yeah, they're a real pest. I currently have something like 2000 IPs in my fail2ban recidive jail. The price of doing business these days.

    -- Sean

    ... Raising pet electric eels is gaining a lot of current popularity.
    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: Outpost BBS * Johnson City, TN (618:618/1)
  • From Kevin Nunn@618:200/1 to Sean Dennis on Monday, March 21, 2022 14:04:18
    SEAN DENNIS wrote to KEVIN NUNN <=-

    That means your firewall is not working right and allowing everything. Re-read the instructions again as the AIX firewall requires an ending
    DENY ALL entry.

    But it is working how I want it to work LOL. It is doing what i need it
    to do. Which is to block a specific IP only. The system is not open to
    the world, only alt telnet port and binkd.

    Kev

    --- Telegard/2/QWK v3.09.g2-sp4/mL
    * Origin: Razor's Domain/2 BBS (618:200/1)
  • From Jas Hud@618:300/12 to Kevin Nunn on Monday, March 21, 2022 13:30:19
    To: Kevin Nunn
    Re: Re: Opening up Telnet :P
    By: Kevin Nunn to Sean Dennis on Mon Mar 21 2022 03:04 pm

    From Newsgroup: Micronet.MIN_BBS

    SEAN DENNIS wrote to KEVIN NUNN <=-

    That means your firewall is not working right and allowing everything. Re-read the instructions again as the AIX firewall requires an ending DENY ALL entry.

    But it is working how I want it to work LOL. It is doing what i need it
    to do. Which is to block a specific IP only. The system is not open to
    the world, only alt telnet port and binkd.

    Kev


    dude if you are connected to the internet you are going to have hundreds of attackers a day
    --- Synchronet 3.18b-Win32 NewsLink 1.113
    * bbses.info - http://bbses.info - telnet://bbses.info
    * Origin: Time Warp of the Future BBS - Home of League 10 (618:300/12)
  • From Kevin Nunn@618:200/1 to Jas Hud on Tuesday, March 22, 2022 14:25:18
    JAS HUD wrote to KEVIN NUNN <=-

    dude if you are connected to the internet you are going to have
    hundreds of attackers a day --- Synchronet 3.18b-Win32 NewsLink 1.113

    It's not directly connected to the internet. I have a router that
    forwards binkd/telnet port to that box and that is it.

    Kev


    --- Telegard/2/QWK v3.09.g2-sp4/mL
    * Origin: Razor's Domain/2 BBS (618:200/1)
  • From Jas Hud@618:300/12 to Kevin Nunn on Tuesday, March 22, 2022 18:17:46
    To: Kevin Nunn
    Re: Re: Opening up Telnet :P
    By: Kevin Nunn to Jas Hud on Tue Mar 22 2022 03:25 pm

    From Newsgroup: Micronet.MIN_BBS

    JAS HUD wrote to KEVIN NUNN <=-

    dude if you are connected to the internet you are going to have hundreds of attackers a day --- Synchronet 3.18b-Win32 NewsLink 1.113

    It's not directly connected to the internet. I have a router that
    forwards binkd/telnet port to that box and that is it.

    Kev


    yeah i have a router too.
    you're connected to the internet.
    --- Synchronet 3.18b-Win32 NewsLink 1.113
    * bbses.info - http://bbses.info - telnet://bbses.info
    * Origin: Time Warp of the Future BBS - Home of League 10 (618:300/12)
  • From Kevin Nunn@618:200/1 to Jas Hud on Wednesday, March 23, 2022 12:28:18
    JAS HUD wrote to KEVIN NUNN <=-

    hundreds of attackers a day --- Synchronet 3.18b-Win32 NewsLink 1.113
    yeah i have a router too.
    you're connected to the internet.

    So if I only have telnet and binkd ports forwarded to that box, how am
    I going to have hundreds of attackers a day?

    Kev


    --- Telegard/2/QWK v3.09.g2-sp4/mL
    * Origin: Razor's Domain/2 BBS (618:200/1)
  • From Jas Hud@618:300/12 to Kevin Nunn on Wednesday, March 23, 2022 11:53:56
    To: Kevin Nunn
    Re: Re: Opening up Telnet :P
    By: Kevin Nunn to Jas Hud on Wed Mar 23 2022 01:28 pm

    From Newsgroup: Micronet.MIN_BBS

    JAS HUD wrote to KEVIN NUNN <=-

    hundreds of attackers a day --- Synchronet 3.18b-Win32 NewsLink 1.113
    yeah i have a router too.
    you're connected to the internet.

    So if I only have telnet and binkd ports forwarded to that box, how am
    I going to have hundreds of attackers a day?


    because they will scan your ip and find the open ports and attempt to get in. and they keep on trying.
    --- Synchronet 3.18b-Win32 NewsLink 1.113
    * bbses.info - http://bbses.info - telnet://bbses.info
    * Origin: Time Warp of the Future BBS - Home of League 10 (618:300/12)