Subj : Pro-active firewall?
To   : Arelor
From : Shurato
Date : Mon Jul 08 2024 09:15:00


* In a message originally to Shurato, Arelor said:

 > Re: Pro-active firewall? By: Shurato to All on Mon Jul 01 2024 05:27
 > pm

 >  > I tried to use net2bbs, but for some reason, every time elebbs
 > connects, it
 >  > drops carrier immediately.  Is there anything I can use with my BBS
 > software
 >  > that will identify repeated attacks and put them in a blacklist?  I'm
 >  > already running Mystic for MRC, and don't want to run another BBS for
 >  > this...  I saw wail2ban, but that only identifies login attempts for
 > the OS.

 > If the attacks you defend against leaves a fingerprint in some logfile,
 > you can either shoehorn fail2ban into parsing that logfile and identifying
 > the attacks, or write a custom script that runs every so often, scans the
 > log file and triggers a response when the attack is detected.

 > The script that runs periodically is not a great alternative (because if
 > you have a scan periodicity of, say, 5 minutes, attackers can do as they
 > want until thy are caught by the next iteration of the scaner). It s
 > simple, though.

 > I am not familiar with the software you are trying to protect so I cannot
 > be of much help.

I'm using Windows, not Linux.  fail2ban isn't an option.  There is nothing
other than repeated connections from the same IP, so your option wouldn't
work, no failed items in the log.

--
Shurato, Sysop Shurato's Heavenly Sphere (ssh, telnet, pop3, ftp,nntp,
,wss) (Ports 22,23,110,21,119,8080) (ssh login 'bbs' pass 'shsbbs').


---
 * Origin: Shurato's Heavenly Sphere telnet://shsbbs.net (618:300/50)

.