Subj : Re: ACiD Underworld
To   : The Godfather
From : deon
Date : Sun Oct 12 2025 11:17:22

  Re: Re: ACiD Underworld
  By: The Godfather to deon on Sat Oct 11 2025 07:30 pm

Howdy,

 > This is typically what I do and don't have an issue (much) with BOT's but
 > for this project I want to stick to standard.  Is there a reason you avoid
 > using non standard ports?

Yeah, you then need to tell everbody your non standard port, if you want them to connect to you. If you advertise the non standard port, then I'm guessing it gets loaded into the bot tooling, which means it (eventually) gets hammered too.

I work on the theory, why should *I* have to change?

 > Sounds like a lot of work / trial and error.  But I'll look into it for
 > sure.

I didnt think so. I have the rules in place and forgot that I use it. But if you want the source IP address to be visible to whatever is behind haproxy, then that system needs to support the "haproxy protocol", otherwise the backend only sees the IP address of haproxy.

 > I had to chuckle here.  I went a few months with ZERO (fortunately last
 > summer during the slower months ..) Turns out I had my VPN turned on.  Do
 > those VPN's have the equivalent of port forwarding?  And if so, does that
 > make your browsing privacy / different country hopping more vulnerable?

I'm not talking about VPNs that are gated to the internet. I'm talking about a network inside a network. So no, port forwarding doesnt make sense (it doesnt address the problem), and the VPN doesnt provide outbound to the greater internet.

With Zero (or yggdrasil), you would limit inbound access to the VPN interface, and thus somebody connecting to your BBS would also need to be a member of the VPN. IP addresses are not public.

So, for example, to get mail via BINKP, the hub needs to be connected to the same VPN (Hub 3 uses ZeroTier), and your BINKP would also need to be connected to the same VPN.

For inbound telnet, users would need to connect to the VPN before connecting to the BBS (because the IP addresses are not routable outside of the VPN). And thus no bots, because they generally dont join VPN networks to probe, and/or wouldnt be allowed to join our "BBS VPN", anyway.

It has its pro's (only real people connecting) and con's (an additional IP network to manage).


....כמון
--- SBBSecho 3.29-Linux
 * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

.