> Hi Mark,
>>> Any tips or suggestions as to a way to limit/avoids telnet login
>>> attacks on BBBS?
>>they're scripts looking for unpatched telnet servers or those that they can r
>> a dictionary attack against using the lists of usernames and passwords they
>> have gathered...
>Yes, agree there. These logins that Jeff mentions have been happening here as
> well... most times they don't attempt to login... just connect, then sprout
> another node, disconnect, & on and on. They sometimes come in droves
Yeah, they were coming in every three minutes for awhile. No actual logins. I
bet I added 15 IP's to be blocked by BBBS in an hours time. This has been
going on in spurts over the last week or so here.
>>most are likey to be botnets since those folks over there seem to prefer to r
>> pirated OSes which can't or won't be patched... then again, many over there
>> probably don't even know they've been hacked and taken over...
>> i've found the best protection is in the perimeter firewall using an active
>>response system that blocks connections based on the traffic they transmit...
>Do you mean block out say ip ranges? Outside of that I can't figure out how to
> deal with this since it's now not only china, but korea, today I saw a number
> of them from Mexico ... geez.
Of the IP's I checked I'd say about 85% were from China and the rest fro
Korea. Didn't see and from Mexico. Yet.
>>> Then there are those few that try to login via telnet as "Root".
>>> :-)
>> yeah, you should put that one as well as admin and administrator in your bad
>> names file... and 1234, 12345 as well
> Yes, have done that early on
>> and also in your bad passwords file...
> Hmm.. I don't think BBBS has a bad passwords file.. there is a bad username
> file though...
Ummm.. You sure?
I done added a number of unacceptable names and passwords first thing.
> Take care,
> Janis
Jeff
--- BBBS/NT v4.01 Flag
* Origin: The Ouija Board - bbs.ouijabrd.net (1:282/1031)
|
