• Hackers and port scanners

    From Neko@DIGDIST/BATTLEST/FREEWAY to All on Thursday, March 09, 2017 16:42:00
    Hello,
    Is there anyone who knows how to block port scanning IPs? I have one there in ip.can, but it doesn't work. Terminal log shows: "3600 SSH connection accepted from: <IP address> port 34297" and after that: "3600 SSH Read failure". I have firewall turned on, automatic IP blocking works properly except this. Do you know how to block port scanning IP?
    Regards,
    Neko (Nekosoft BBS sysop)

    ---
    þ Synchronet þ NEKOSOFT BBS Server - nekosoft.ddns.net
  • From KK4QBN@DIGDIST/BATTLEST/FREEWAY to Neko on Thursday, March 09, 2017 12:13:00
    Re: Hackers and port scanners
    By: Neko to All on Thu Mar 09 2017 05:42 pm

    Hello,
    Is there anyone who knows how to block port scanning IPs? I have one there in ip.can, but it doesn't work. Terminal log shows: "3600 SSH connection accepted from: <IP address> port 34297" and after that: "3600 SSH Read failure". I have firewall turned on, automatic IP blocking works properly except this. Do you know how to block port scanning IP?
    Regards,

    IP.can WILL block the connection, as far as letting them attempt to login, which keeps your nodes cleared up quicker, It will not block the initial connect though, there is no real way to do that without actually setting it up in your router.

    --

    Tim Smith (KK4QBN)
    KK4QBN BBS

    ---
    þ Synchronet þ KK4QBN + (706)-422-9538 + kk4qbn.synchro.net + 24/7/365
  • From Neko@DIGDIST/BATTLEST/FREEWAY to KK4QBN on Thursday, March 09, 2017 22:57:00
    Re: Hackers and port scanners
    By: KK4QBN to Neko on Thu Mar 09 2017 13:13:19

    IP.can WILL block the connection, as far as letting them attempt to login, which keeps your nodes cleared up quicker, It will not block the initial connect though, there is no real way to do that without actually setting it up in your router.

    --

    Tim Smith (KK4QBN)
    KK4QBN BBS


    Okay, thanks, but my router doesn't support blocking connections from the Internet, it can block only with in LAN network... Do you know any other way to block them
    without using router?

    Regards,
    Neko

    --
    WindowsKillerPL (Neko)
    Nekosoft BBS

    ---
    þ Synchronet þ NEKOSOFT BBS Server - nekosoft.ddns.net
  • From KK4QBN@DIGDIST/BATTLEST/FREEWAY to Neko on Thursday, March 09, 2017 19:37:00
    Re: Hackers and port scanners
    By: Neko to KK4QBN on Thu Mar 09 2017 11:57 pm

    Okay, thanks, but my router doesn't support blocking connections from the Internet, it can block only with in LAN network... Do you know any other way to block them without using router?

    I cannot think of anything off hand, maybe someone else can chime in if they can.. but when I first started running my system, my bbs stayed bombarded with connections from bots, now that DM has implemented the new features in SBBS to automatically can these bots it has cleared up.. A LOT, it will take a couple weeks to get a lot of the worse offenders canned, but after that, it seems to do a great job. I was afraid I would need to move the BBS to a non-standard port, etc.. but that is no longer an issue. I would say, just give it some time. I will send you a copy of my ip.can if you like, just let me know.



    --

    Tim Smith (KK4QBN)
    KK4QBN BBS


    ---
    þ Synchronet þ KK4QBN + (706)-422-9538 + kk4qbn.synchro.net + 24/7/365
  • From Bill McGarrity@DIGDIST/BATTLEST/FREEWAY to Neko on Thursday, March 09, 2017 22:08:00
    Neko wrote to KK4QBN on 03-09-17 23:57 <=-

    Re: Hackers and port scanners
    By: KK4QBN to Neko on Thu Mar 09 2017 13:13:19

    IP.can WILL block the connection, as far as letting them attempt to login, which keeps your nodes cleared up quicker, It will not block the initial connect though, there is no real way to do that without actually setting it up in your router.


    Okay, thanks, but my router doesn't support blocking connections from
    the Internet, it can block only with in LAN network... Do you know any other way to block them without using router?

    Get a program called PeerBlock.


    --

    Bill

    Telnet: tequilamockingbirdonline.net
    Web: bbs.tequilamockingbirdonline.net:81
    FTP: ftp.tequilamockingbirdonline.net:2121
    IRC: irc.tequilamockingbirdonline.net Ports: 6661-6670 SSL: +6697
    Radio: radio.tequilamockingbirdonline.net:8010/live


    ... Look Twice... Save a Life!!! Motorcycles are Everywhere!!!
    --- MultiMail/Win32 v0.50
    þ Synchronet þ TequilaMockingbird Online - Toms River, NJ
  • From Digital Man@DIGDIST/BATTLEST/FREEWAY to Neko on Thursday, March 09, 2017 20:11:00
    Re: Hackers and port scanners
    By: Neko to All on Thu Mar 09 2017 05:42 pm

    Hello,
    Is there anyone who knows how to block port scanning IPs? I have one there in ip.can, but it doesn't work.

    Can you elaborate on what you mean by "doesn't work"?

    digital man

    Synchronet/BBS Terminology Definition #23:
    FSP = FidoNet Standards Proposal
    Norco, CA WX: 67.4øF, 45.0% humidity, 1 mph WSW wind, 0.00 inches rain/24hrs

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Neko@DIGDIST/BATTLEST/FREEWAY to Digital Man on Friday, March 10, 2017 12:37:00
    Re: Hackers and port scanners
    By: Digital Man to Neko on Thu Mar 09 2017 21:11:14

    Can you elaborate on what you mean by "doesn't work"?

    digital man
    I mean there's a bot (Chinese IP address) constantly trying to connect to my BBS - it lasts about an hour. Log shows that there's an IP trying to connect and then I can see a warning "SSH Read Failure". After a minute the same IP tries to connect from another port and the same warning shows in the log. It doesn't matter if I turn on Windows Firewall, router firewall on the highest security settings, both or none of them. There are only exceptions for Synchronet and Windows Server services that need an exception.

    --
    WindowsKillerPL (Neko)
    Nekosoft BBS Server

    ---
    þ Synchronet þ NEKOSOFT BBS Server - nekosoft.ddns.net
  • From Poindexter Fortran@DIGDIST/BATTLEST/FREEWAY to Neko on Friday, March 10, 2017 07:54:00
    Re: Hackers and port scanners
    By: Neko to KK4QBN on Thu Mar 09 2017 11:57 pm

    Okay, thanks, but my router doesn't support blocking connections from the Internet, it can block only with in LAN network... Do you know any other way to block them without using router?

    You could use a software firewall to block the connections. Some people use PeerBlock to block inbound connections.

    ---
    þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org
  • From Digital Man@DIGDIST/BATTLEST/FREEWAY to Neko on Friday, March 10, 2017 09:47:00
    Re: Hackers and port scanners
    By: Neko to Digital Man on Fri Mar 10 2017 01:37 pm

    Re: Hackers and port scanners
    By: Digital Man to Neko on Thu Mar 09 2017 21:11:14

    Can you elaborate on what you mean by "doesn't work"?

    I mean there's a bot (Chinese IP address) constantly trying to connect to my BBS - it lasts about an hour. Log shows that there's an IP trying to connect and then I can see a warning "SSH Read Failure". After a minute the same IP tries to connect from another port and the same warning shows in the log. It doesn't matter if I turn on Windows Firewall, router firewall on the highest security settings, both or none of them. There are only exceptions for Synchronet and Windows Server services that need an exception.

    So add that Chinese IP address to your ip.can file. Did you try that?

    digital man

    Synchronet "Real Fact" #79:
    172 Synchronet Match Maker registrations were sold (@$69) between 1995 and 1996.
    Norco, CA WX: 76.2øF, 45.0% humidity, 1 mph SSE wind, 0.00 inches rain/24hrs

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From KK4QBN@DIGDIST/BATTLEST/FREEWAY to Neko on Friday, March 10, 2017 12:30:00
    Re: Hackers and port scanners
    By: Neko to Digital Man on Fri Mar 10 2017 01:37 pm

    [0mI mean there's a bot (Chinese IP address) constantly trying to connect to my BBS - it lasts about an hour. Log shows that there's an IP trying to connect and then I can see a warning "SSH Read Failure". After a minute the same IP tries to connect from another port and the same warning shows in the log. It doesn't matter if I turn on Windows Firewall, router firewall on the highest security settings, both or none of them. There are only exceptions for Synchronet and Windows Server services that need an exception.

    Since you made exceptions for SBBS in your firewall, it will ALWAYS allow connections to any port SBBS operates, If you put the IP in the ip.can you will still see the inital connection, but SBBS will block anything further than that. if seeing the connections bug you, you can always move your telnet, ssh, web and other services to non standard ports, but that may hinder you from getting real connections from actual people. even though I have put the IPS in my IP.can they still *TRY* to connect to the BBS on a fairly regular basis, but they never get as far as the inital connect phase before they are turned away. Now that DM has implemented the new can features I've never had issues with the nodes being full, etc. I agree, it gets on my nerves seeing all these bot connections, but there is nothing they can do, SYnchronet will not allow them to harm the system. my IP.CAN is now close to 1mb and growing every day. but the BBS is still running. no issues.

    --

    Tim Smith (KK4QBN)
    KK4QBN BBS

    ---
    þ Synchronet þ KK4QBN + (706)-422-9538 + kk4qbn.synchro.net + 24/7/365