Subj : Re: Bink Block
To   : All
From : Warpslide
Date : Wed Nov 27 2024 05:03 pm

On 25 Nov 2024, Warpslide said the following...

 Wa> Solution?  Block their ass!

For some reason this person has decided to change the name they use when sending mail with binkp, so updated this script to handle multiple cases:

#!/bin/bash
BINKLOG="/path/to/binkd.log"

BLOCK=(
  "ZYZ John Doe$"
  "ZYZ Jane Doe$"
  "ZYZ j0hnd03$"
  "addr: 1:234/567@fidonet"
  "addr: 21:3/999@fsxnet"
)

for i in "${BLOCK[@]}"; do

  # Find the latest log entry matching the pattern
  getpoll=$(tac "$BINKLOG" | grep -m 1 "$i")

  if [[ -n $getpoll ]]; then
    # Extract the PID from the log entry using bash string manipulation
    pollpid="${getpoll#*[}"
    pollpid="${pollpid%%]*}"

    # Find the full log entry associated with the PID
    poll=$(grep "\[$pollpid\] incoming session with" "$BINKLOG")

    ip=$(echo "$poll" | sed -n 's/.*\[\([^]]*\)\]$/\1/p')

    # Extract the IPv4 address from the log entry
    if [[ "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then

      # Convert to CIDR format
      cidr="${ip%.*}.0/24"

      # Check if the CIDR is already in the block4 IP set
      if ! sudo ipset test block4 "$cidr" >/dev/null 2>&1; then
        # Add the CIDR to the block4 IP set and save changes
        sudo ipset add block4 "$cidr"
        sudo ipset save > /etc/iptables/ipsets
      fi
    # Extract the IPv6 address from the log entry
    elif [[ "$ip" =~ ^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$ || "$ip" == *"::"* ]]; then

      # Convert to CIDR format
      cidr=`echo "$ip" | cut -d: -f1-4`\:\:\/64

      # Check if the CIDR is already in the block6 IP set
      if ! sudo ipset test block6 "$cidr" >/dev/null 2>&1; then
        # Add the CIDR to the block6 IP set and save changes
        sudo ipset add block6 "$cidr"
        sudo ipset save > /etc/iptables/ipsets
      fi
    fi
  fi
done


Since adding these rules on the 25th, I already have three IPv4 address ranges and several hundred hits:

pkts bytes target prot opt in  out source     dest
392  13680 DROP   all  --  *   *   0.0.0.0/0  0.0.0.0/0  match-set block4 src


Updated version also available at:
https://nrbbs.net/binkblock.sh.txt


Jay

.... What musical instrument is found in the bathroom? A tuba toothpaste

--- Mystic BBS v1.12 A49 2024/05/29 (Linux/64)
 * Origin: Northern Realms (21:3/110)

.