> Hi Mark,
>>> Any tips or suggestions as to a way to limit/avoid telnet login
>>> attacks on BBBS?
>>they're scripts looking for unpatched telnet servers or those that they can r
>> a dictionary attack against using the lists of usernames and passwords they
>> have gathered...
>Yes, agree there. These logins that Jeff mentions have been happening here as
> well... most times they don't attempt to login... just connect, then sprout
> another node, disconnect, & on and on. They sometimes come in droves
Yeah, they were coming in every three minutes for a while. No actual logins. I
bet I added 15 IPs to be blocked by BBBS in an hour's time. This has been going
on in spurts over the last week or so here.
>>most are likely to be botnets since those folks over there seem to prefer to r
>> pirated OSes which can't or won't be patched... then again, many over there
>> probably don't even know they've been hacked and taken over...
>> i've found the best protection is in the perimeter firewall using an active
>>response system that blocks connections based on the traffic they transmit...
>Do you mean block out say ip ranges? Outside of that I can't figure out how to
> deal with this since it's now not only China, but Korea, today I saw a number
> of them from Mexico ... geez.
Of the IPs I checked, I'd say about 85% were from China and the rest from Korea.
Didn't see any from Mexico. Yet.
>>> Then there are those few that try to login via telnet as "Root".
>>> :-)
>> yeah, you should put that one as well as admin and administrator in your bad
>> names file... and 1234, 12345 as well
> Yes, have done that early on
>> and also in your bad passwords file...
> Hmm.. I don't think BBBS has a bad passwords file.. there is a bad username
> file though...
Ummm.. You sure?
I done added a number of unacceptable names and passwords first thing.
> Take care,
> Janis
Jeff
--- BBBS/NT v4.01 Flag
* Origin: The Ouija Board - bbs.ouijabrd.net (1:282/1031)