Re: Pro-active firewall?
  By: Shurato to All on Mon Jul 01 2024 05:27 pm

 > I tried to use net2bbs, but for some reason, every time elebbs connects, it
 > drops carrier immediately.  Is there anything I can use with my BBS software
 > that will identify repeated attacks and put them in a blacklist?  I'm
 > already running Mystic for MRC, and don't want to run another BBS for
 > this...  I saw wail2ban, but that only identifies login attempts for the OS.

If the attacks you defend against leaves a fingerprint in some logfile, you can
either shoehorn fail2ban into parsing that logfile and identifying the attacks,
or write a custom script that runs every so often, scans the log file and
triggers a response when the attack is detected.

The script that runs periodically is not a great alternative (because if you
have a scan periodicity of, say, 5 minutes, attackers can do as they want until
thy are caught by the next iteration of the scaner). It s simple, though.

I am not familiar with the software you are trying to protect so I cannot be of
much help.


--
gopher://gopher.richardfalken.com/1/richardfalken
--- SBBSecho 3.20-Linux
 * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24)