Subj : Figuring out a way to leverage fail2ban with terminal services
To   : Winzlo
From : Digital Man
Date : Sat May 02 2026 07:23 pm

Re: Figuring out a way to leverage fail2ban with terminal services
By: Winzlo to All on Sat May 02 2026 08:57 pm

> The bots have arrived. :/ I'm now watching as my BBS gets taken over by
> telnet connections, some try to use a username during the matrix menu,
> others just sit there tying up the line/node until the 60 second timeout
> that I imposed. Despite this, I've got a real "squatter" problem to tend
> to, with two potential solutions - either change my BBS's telnet port off 23
> and risk this happening again, or run something like fail2ban to block these
> connections from repeating.

Have you read https://wiki.synchro.net/howto:block-hackers ?

> I've also configured pfSense to only allow 2 concurrent connections, with no
> more than 5 burst sessions throttling back to 2. This did reduce the issue
> from happening many times a day to only a couple times a day, but it didn't
> knock it out. That's where fail2ban comes into play.
>
> The issue I'm encountering is that I have my log level set to Info, and yet
> I have not found an obvious way to determine "BBS got an incoming connection
> from IP x.x.x.x". Combining that entry with a line in hack.log and/or
> hangup.log would make this a breeze. Is there an option I haven't spotted
> that would either allow this to happen, or allow some kind of logging that
> fail2ban could trap on to detect these kinds of attacks?

Have you read https://wiki.synchro.net/howto:fail2ban ?

--
digital man (rob)

Synchronet/BBS Terminology Definition #75:
SMTP = Simple Message Transfer Protocol
Norco, CA WX: 69.5°F, 63.0% humidity, 8 mph W wind, 0.00 inches rain/24hrs
--- SBBSecho 3.37-Linux
 * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)