Fidonet Portal






From: mark lewis (1:3634/12)
To: All
Date: Sun, 16.02.20 15:05
All nodes busy?
Re: All nodes busy?
By: Jeff Smith to All/kim Heino on Sun Feb 16 2020 02:03:06


JS> I currently have the 22 node version of BBBS Toy-4. Since upgrading
JS> to the current version I have noticed that I frequently (At least
JS> once a day) run out of available nodes. I don't recall noticing
JS> this issue with previous versions of BBBS. I use iptables to help
JS> manage port access. Recently I have reconfigured bbbsd to run
JS> using all non-standard ports to see if that would affect my bust
JS> port issue. It didn't seem to make a difference. Is there
JS> something I am missing? Has anyone else had a problem with busy
JS> nodes with BBBS?

there is a new wave of bots attempting to recruit buggy routers into their
botnet(s)... just ask my IDS/IPS* about it ;)

but seriously, can you shorten your timeout on login for inactivity? if they
don't know what to do, they will sit at the login prompt until they or you time
out... the faster you can time them out, the faster you can get your nodes
freed back up for real users...

another thing you might be able to do is to drop/block IPs that connect more
than X times in Y seconds... some BBSes have this capability and i use it in my
IDS/IPS as well... for example, this rule from my IDS/IPS detects 5 TCP SYNs
within 60 seconds and raises an alert which triggers a block of the connecting
IP...

alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"Rapid TELNET \
Inbound - Possible Brute Force Attack"; flags: S; \
detection_filter: track by_src, count 5, seconds 60; \
classtype:unsuccesful-user; sid:100000020; rev:3;)

i highly recommend running an IDS/IPS package on one's perimeter firewall if
they can... it takes some time to tune it for one's network traffic but once
that is done, there's little to do other than sit back, watch the nefarious
trash on the outside beat on the door trying to get in, and laugh at them... i
should also note that our setup does not use any database logging/monitoring
techniques with our IDS/IPS... doing this does allow for deeper analysis of
alerted network traffic but in our case, we haven't seen a need for such in our
case...


* https://en.wikipedia.org/wiki/Intrusion_detection_system


)\/(ark
--- SBBSecho 3.10-Linux
* Origin: SouthEast Star Mail HUB - SESTAR (1:3634/12)

ABOUT

This forum contains echomail areas hosted on Nightmare BBS You can browse local echomail areas, italian fidonet areas and a selection of international fidonet areas, reading messages posted by users in Nightmare BBS or even other BBSs all over the world. You can find file areas too (functional to fidonet technology). You can browse echomail areas and download files with no registration, but if you want to write messages in echomail areas, or use fidonet netmail (private messages with fidomet technology), you have to register. Only a minimal set of data is required, functional to echomail and netmail usage (name, password, email); a registration and login with facebook is provided too, to allow easy registration. If you won't follow rules (each echomail areas has its own, regularly posted in the echomail), your account may be suspended;

CONTACT