Subj : Script to monitor for telnet bots
To   : Kim Heino
From : Sean Rima
Date : Fri Feb 07 2025 23:21:24

>>Has anyone got a script that scans log0 for repeated offenders trying telnet,
>> ftp etc
> I'm using rate limiting on my firewall and block too many connections there.
> It's better than inet.bbb and I've had zero problems with bots.
> My choice for firewall is Foomuuri: https://github.com/FoobarOy/foomuuri
> Example config:
> macro {
> bbbs_rate  saddr_rate "1/minute burst 2" saddr_rate_name bbbs_limit
> }
> public-localhost {
> ftp bbbs_rate ipv4
> ftp ipv6 reject      # bftpd doesn't support IPv6
> ftps bbbs_rate ipv4
> ftps ipv6 reject     # bftpd doesn't support IPv6
> telnet bbbs_rate
> tcp 24554 bbbs_rate  # BinkP
> ...
> }
>> I have been checking some of the repeaters on my logs against abuseipdb and
>> adding them to the blocked section of inet
> Foomuuri can automatically import and refresh external IP-lists for block
> lists.
> Take a look at fail2ban too. It works nicely with Foomuuri.
> https://github.com/FoobarOy/foomuuri/issues/9

Thanks, that I think will be a better idea. Need to improve my firewall anyway

Sean

--- BBBS/Li6 v4.10 Toy-7
 * Origin: * BCG-Box, On The Air Since 11th February 1987! * (2:222/2)

.