-=> Marc Lewis wrote to Matt Bedynek <=-


 ML> This system takes many hundreds of "hits" per day on port
23. Bombing
 ML> runs trying to get to "root" access... Dead ended by OS/2
and VModem
 ML> that answers port 23.  I look at the bombers and sometimes end up
 ML> putting an entire /24 or /16 into the firewall config, depending on
 ML> where they're coming from. The config on the BBS machine itself is now
 ML> over 300 rules long.  It's astounding to watch some moron hitting the
 ML> port over and over and over and over trying to break into the system...
 ML> And then jumping to a different IP and starting the same nonsense all
 ML> over again.  Idiots.  ;-\  Very annoying but ultimately harmless
 ML> because of the system itself.

That's happening here constantly.  It's mainly from China, Russia, India,
Taiwan, and a few other countries notorious for lazy hackers.  I run
fail2ban here on my SSH, telnet, and FTP ports...and it's amazing how much
traffic is coming from those countries.  I could set up pfSense with its
country blocker (block entire countries at once), but I'm using a different
system right now for my LAN so fail2ban will do nicely.

I do have you beat though: my hosts.deny file is 8831 lines in size right
now...each line is an individual IP.  I'm working on a firewall solution
later on besides going through my router; I'd like to DMZ the BBS box but
that won't happen for a while longer yet.

 ML> Same stupidity with the POP3 server on a different machine (also OS/2)

My email for my BBS domain is handled by my webhost for that very reason.  I
don't really need it right now but if I ever decide to get a decent
connection (a T1 or something), I'll set up to host everything here at home.

--Sean


... An optimist is a man who starts a crossword puzzle with a fountain pen.
--- MultiMail/Linux