• Telnet Port 23 Attacks

    From Spectre@21:3/101 to ryan on Wednesday, March 11, 2020 12:12:00
    Which logfile would you use to inform fail2ban?

    You have choices depending on what's happening. It might be the BBS log, it could also be syslog, or auth.log. They're all points where the detection could be made, but the information in each one tends to be slightly different, so you'd need a custom match for each log.

    Spec


    --- SuperBBS v1.17-3 (Eval)
    * Origin: < Scrawled in blood at The Lower Planes > (21:3/101)
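
The "custom match for each log" point above, as an added example that is not part of the thread: one anchored pattern per log source, followed by a count of failures per host inside a time window. All three line formats and the sample lines are constructed assumptions (not any real BBS's log format), `HOST` stands in for fail2ban's `<HOST>` tag, and `maxretry`/`findtime` mirror the fail2ban settings of the same names.

```python
import re
from datetime import datetime, timedelta

HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"  # stands in for fail2ban's <HOST> tag

# One (timestamp format, failure pattern) pair per log. Every field before the
# host is pinned down so attacker-typed text (a user name) cannot supply the host.
MATCHERS = {
    "bbs.log": ("%Y-%m-%d %H:%M:%S", re.compile(
        r"^(?P<ts>\S+ \S+) TELNET login failed user=\S+ from " + HOST + r"$")),
    "auth.log": ("%b %d %H:%M:%S", re.compile(
        r"^(?P<ts>\w{3} +\d+ [\d:]+) \S+ login\[\d+\]: FAILED LOGIN \(\d+\) on '[^']*' from '" + HOST + r"' FOR '")),
    "syslog": ("%b %d %H:%M:%S", re.compile(
        r"^(?P<ts>\w{3} +\d+ [\d:]+) \S+ kernel: .*\bSRC=" + HOST + r" .*\bDPT=23\b")),
}

SAMPLE = {  # constructed lines using documentation-range addresses
    "bbs.log": [
        "2020-03-11 12:01:07 TELNET login failed user=admin from 203.0.113.7",
        "2020-03-11 12:01:15 TELNET login failed user=root from 203.0.113.7",
        "2020-03-11 12:01:22 TELNET login failed user=x from 198.51.100.9 from 203.0.113.7",
        "2020-03-11 12:01:30 TELNET login failed user=guest from 203.0.113.7",
        "2020-03-11 12:40:00 TELNET login failed user=ryan from 192.0.2.44",
    ],
    "auth.log": ["Mar 11 12:02:01 bbs login[1412]: FAILED LOGIN (1) on '/dev/pts/0' from '203.0.113.7' FOR 'root', Authentication failure"],
    "syslog": ["Mar 11 12:00:58 bbs kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=23 SYN"],
}

def failures(source, lines, year=2020):
    """Return (time, host) for every line that this source's pattern matches."""
    fmt, rx = MATCHERS[source]
    events = []
    for line in lines:
        m = rx.search(line)
        if not m:
            continue  # unmatched lines are ignored, never guessed at
        ts = m["ts"]
        if "%Y" not in fmt:  # syslog-style stamps carry no year; assume one
            ts, fmt_used = f"{year} {ts}", "%Y " + fmt
        else:
            fmt_used = fmt
        events.append((datetime.strptime(ts, fmt_used), m["host"]))
    return events

def to_ban(events, maxretry=3, findtime=timedelta(minutes=10)):
    """Hosts with at least maxretry failures inside any findtime window."""
    recent, banned = {}, set()
    for when, host in sorted(events):
        recent[host] = [t for t in recent.get(host, []) if when - t <= findtime] + [when]
        if len(recent[host]) >= maxretry:
            banned.add(host)
    return banned
```

The third BBS line carries a second address inside the user name; because the pattern is anchored at both ends it is skipped rather than attributed to 198.51.100.9.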
  • From Spectre@21:3/101 to g00r00 on Thursday, March 12, 2020 10:31:00
    In other words, Mystic can ultimately use the same system fail2ban
    uses to block connections without actually needing to use fail2ban
    at all. Of course you can still use it, but it's just adding a middle
    layer that may not really offer anything more to help you.


    Woohoo! Good. If anything, depending on the logic, you might stop Mystic
    having to check for them at all, or it'll be picking up everything your
    F2B setup is missing. I've kept F2B chasing down continuous 404s on the
    web server too. :)

    Spec


    --- SuperBBS v1.17-3 (Eval)
    * Origin: < Scrawled in blood at The Lower Planes > (21:3/101)