Subj : Another Interesting Error...
To   : Shawn Highfield
From : mark lewis
Date : Thu Oct 06 2016 09:54:22

06 Oct 16 10:10, you wrote to Janis Kracht:

 JK>> I switched back to net2bbs on my ezycom box, and for the most part it

 JK>> Last night when even iptables failed for the telnet port (some
 JK>> weirdness there because it works on the http port), I switched to a
 JK>> different telnet port.. I've probably got maybe a week before the
 JK>> 'sniffers' find it .

 SH> I took a beating last night. ;) They are able to bring the whole
 SH> thing down to a halt after they hammer it about a million times in a
 SH> minute. hahaha

i'm just not seeing that kind of traffic over here...

 SH> I'm just glad we use binkp to transfer mail... If people were still
 SH> using mailer over telnet we'd all be in a pickle. ;)

them beating on my FrontDoor mailer is exactly how i started tracking them
back in june or july... that was when i wrote my first IDS/IPS rules to try
catching and blocking them... i was seeing their character strings in FD's
DFRS (Data From Ring Signal aka CallerID) logging on the WFC screen... it was
early august when i posted to the "emerging threats" mailing list with the
rule inquiring about possible better and more efficient ways to go... they
published my rules after testing them in their honeypots... one was adjusted
and the others accepted as is...

since then, i've gone a bit of another way but still retain the base
detection technique... the only ones i haven't been able to fire an alert on
are those that do not emit any character strings when they connect... i'm not
sure they are the same but they may be... i need to spend a "bit" more time
analysing the telnet data they are sending but i don't think there's anything
going on there... binary protocol analysis can be rather tedious, if you know
what i mean ;)

)\/(ark

Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
... Sneaker Net - walk floppies between 2 computers.
---
 * Origin: (1:3634/12.73)