Subj : Script to monitor for telnet bots
To   : Kim Heino
From : Sean Rima
Date : Fri Feb 07 2025 11:21 pm

>>Has anyone got a script that scans log0 for repeated offenders trying telnet,
>> ftp etc
> I'm using rate limiting on my firewall and block too many connections there.
> It's better than inet.bbb and I've had zero problems with bots.
> My choice for firewall is Foomuuri: https://github.com/FoobarOy/foomuuri
> Example config:
> macro {
> bbbs_rate  saddr_rate "1/minute burst 2" saddr_rate_name bbbs_limit
> }
> public-localhost {
> ftp bbbs_rate ipv4
> ftp ipv6 reject      # bftpd doesn't support IPv6
> ftps bbbs_rate ipv4
> ftps ipv6 reject     # bftpd doesn't support IPv6
> telnet bbbs_rate
> tcp 24554 bbbs_rate  # BinkP
> ...
> }
>> I have been checking some of the repeaters on my logs against abuseipdb and
>> adding them to the blocked section of inet
> Foomuuri can automatically import and refresh external IP-lists for block
> lists.
> Take a look at fail2ban too. It works nicely with Foomuuri.
> https://github.com/FoobarOy/foomuuri/issues/9

Thanks, that I think will be a better idea. Need to improve my firewall anyway

Sean

--- BBBS/Li6 v4.10 Toy-7
* Origin: * BCG-Box, On The Air Since 11th February 1987! * (2:222/2)

You are viewing proxied material from cvs.synchro.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.