Subj : Script to monitor for telnet bots
To   : Sean Rima
From : Kim Heino
Date : Fri Feb 07 2025 07:07 pm

> Has anyone got a script that scans log0 for repeated offenders trying telnet,
> ftp etc

I'm using rate limiting on my firewall and block too many connections there. It's better than inet.bbb and I've had zero problems with bots.

My choice for firewall is Foomuuri: https://github.com/FoobarOy/foomuuri

Example config:

macro {
 bbbs_rate  saddr_rate "1/minute burst 2" saddr_rate_name bbbs_limit
}

public-localhost {
 ftp bbbs_rate ipv4
 ftp ipv6 reject      # bftpd doesn't support IPv6
 ftps bbbs_rate ipv4
 ftps ipv6 reject     # bftpd doesn't support IPv6
 telnet bbbs_rate
 tcp 24554 bbbs_rate  # BinkP
 ...
}

> I have been checking some of the repeaters on my logs against abuseipdb and
> adding them to the blocked section of inet

Foomuuri can automatically import and refresh external IP-lists for block lists.

Take a look at fail2ban too. It works nicely with Foomuuri. https://github.com/FoobarOy/foomuuri/issues/9

--- BBBS/Li6 v4.10 Toy-7
* Origin: * BCG-Box, On The Air Since 11th February 1987! * (2:222/2)
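
Added example, not part of the message above and not Foomuuri code: a simplified per-source token-bucket model of what `saddr_rate "1/minute burst 2"` does to a repeat offender versus an ordinary caller, run over constructed connection attempts. The bucket accounting is an assumption for illustration; the rules the firewall actually generates may count slightly differently.

```python
# Simplified model of a per-source-address rate limit "1/minute burst 2".
# Assumption: a plain token bucket kept per source IP, using integer seconds
# of credit so the arithmetic is exact. Not taken from Foomuuri itself.

PERIOD = 60  # seconds of credit one new connection costs ("1/minute")
BURST = 2    # connections a fresh source may open back to back ("burst 2")


def simulate(events, period=PERIOD, burst=BURST):
    """events: iterable of (timestamp_seconds, source_addr).
    Returns a list of (timestamp, source_addr, accepted) in time order."""
    credit = {}     # source -> seconds of credit currently in its bucket
    last_seen = {}  # source -> timestamp of its previous attempt
    decisions = []
    for ts, src in sorted(events):
        if src in credit:
            # Refill by elapsed time, capped at the burst size.
            credit[src] = min(burst * period, credit[src] + (ts - last_seen[src]))
        else:
            credit[src] = burst * period  # first contact starts with a full bucket
        last_seen[src] = ts
        accepted = credit[src] >= period
        if accepted:
            credit[src] -= period
        decisions.append((ts, src, accepted))
    return decisions


def summarize(decisions):
    """Return {source_addr: (accepted_count, dropped_count)}."""
    totals = {}
    for _, src, accepted in decisions:
        ok, dropped = totals.get(src, (0, 0))
        totals[src] = (ok + 1, dropped) if accepted else (ok, dropped + 1)
    return totals


# Constructed sample traffic (documentation address ranges, not real hosts):
# one source retrying telnet every 5 seconds for two minutes, and one caller
# connecting twice several minutes apart.
EVENTS = [(t, "203.0.113.7") for t in range(0, 121, 5)]
EVENTS += [(10, "198.51.100.20"), (400, "198.51.100.20")]

if __name__ == "__main__":
    for src, (ok, dropped) in summarize(simulate(EVENTS)).items():
        print(f"{src}: accepted={ok} dropped={dropped}")
```

The same limit name (`bbbs_limit` in the config above) is shared by every service that uses the macro, which this model does not distinguish; it treats all attempts from one address as hitting one bucket.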