Subj : Re: Has anyone received one of these?
To   : Todd Yatzook
From : Bradley D. Thornton
Date : Tue Sep 10 2019 09:26 pm

Re: Re: Has anyone received one of these?
By: Todd Yatzook to Bradley D. Thornton on Thu Sep 05 2019 10:55 am

> On 05 Sep 2019, Bradley D. Thornton said the following...
> BD> It was kind of a shocker. I've had customers who were bad actors
> BD> before and had to whack their services and accounts, but I've never
> BD> gotten something that pretty much insists that I close an open port
> BD> on one of my machines.

> I'd suggest that they review what a BBS is, and point them to various
> sites of BBS-related material on the internet, showing that while telnet
> is *technically* a way for people to acquire passwords and such, it's a
> medium that also relies on closed systems and "security through
> obscurity".

> Just sounds like you got caught up in a sweep that checks for open port
> vulnerabilities, with an automated response. I'd still follow up on a
> response, though.

Okay here's an update on that :)

I opened a ticket with my upstream, they came back and gave me a real (as
opposed to a noreply) email address and said to contact the agency (no pun
intended) directly.

Here's the exchange with them (tl;dr is that everything worked out):

Dear Bradley D. Thornton,

thanks a lot for your detailed feedback!

We have now whitelisted 95.216.171.182 for telnet reports.

Kind regards
Team CERT-Bund

--
Bundesamt für Sicherheit in der Informationstechnik (BSI)
Federal Office for Information Security
Referat OC 23 - CERT-Bund
Section OC 23 - CERT-Bund
Godesberger Allee 185-189
53175 Bonn, Germany
Tel: +49 (0)228 99 9582 5110
Fax: +49 (0)228 99 9582 7025
Web: https://www.bsi.bund.de/CERT-Bund/
     https://www.bsi.bund.de/EN/CERT-Bund/
PGP & S/MIME:
     https://www.bsi.bund.de/DE/Themen/Cyber-Sicherheit/Aktivitaeten/CERT-Bund/Kontakt/kontakt_node.html
     https://www.bsi.bund.de/EN/Topics/IT-Crisis-Management/Contact/contact_node.html

On 09.09.2019 13:10, Bradley D. Thornton wrote:
> Hello,
>
> I received the attached letter via email three days ago from your abuse
> department, via my provider, Hetzner.de
>
> I do indeed run a service via telnet, over IPv4 as well as IPv6. It is
> a BBS system and telnet on port 23 is standard for BBSes, and also,
> port 23 is assigned as such by IANA, for telnet purposes specifically,
> and as a legitimate service for forward facing Internet services.
>
> I do appreciate the concerns of the German Federal Office for
> Information Security (BSI), am quite aware of the potential for abuse
> in OTHER circumstances, but the BBS does not permit shell access to
> the system in any way and further, the daemon drops privs to a regular
> user following start up and operates in a chrooted dosemu environment
> itself.
>
> This is perfectly normal, legitimate, and an accepted (and safe)
> practice, and there are no documented cases of system compromise that
> I or any other BBS SysOPs that I have discussed this with are aware of
> historically, for services configured in the way explained above.
>
> I would, however, like to thank you for bringing this to my attention,
> it reinforces my confidence in your commitment to proactive management
> in safeguarding the assets of service providers such as myself, and
> please feel free to add this particular port number for my IP address
> (95.216.171.182:23) to your white list.
>
> Thank you in advance, for your assistance in this matter, and do feel
> free to contact me directly if you have any further questions.
>
> Kindest regards,
> --
> Bradley D. Thornton
> Manager Network Services
> http://NorthTech.US
> TEL: +1.310.421.8268

Well I just thought that I'd share that with everyone :)

Kindest regards,

Bradley