• Synchronet security: failed logins

    From Karloch@1:103/705 to All on Tue Nov 19 00:11:59 2019
    Hello *.*,

    Lately my Synchronet BBS has been suffering brute force attacks that are more persistent that usual, fortunately without success for them. I am trying to harden the BBS as much as possible and a question raises to me:

    I have many login attempts with wrong usernames. I think that the BBS brute force defenses only count failed login attempts when a user fail their password. If that's Synchronet behaviour, then it would have two problems:

    * An attacker can still bash the BBS by just using wrong usernames that result on 'Unknown User'.
    * An attacker can also infinitely test different usernames so he can get information of who is an actual user in the BBS and afterwards try brute-force (brute-force is useless if you don't even know the username).

    Is it possible to ban these connection attempts that ends with the 'Unknown User' result?

    And another question: have anyone tried to use fail2ban (UNIX only) for same purpose? The configuration at the wiki[1] have the same behaviour: it will only ban on failed password, not unknown user.

    Regards,
    Carlos

    [1] http://wiki.synchro.net/howto:fail2ban

    ---
    þ Synchronet þ HISPAMSX BBS - The 8-bit MSX computers BBS - 2:341/111@fidonet
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Karloch on Mon Nov 18 21:08:51 2019
    Re: Synchronet security: failed logins
    By: Karloch to All on Tue Nov 19 2019 12:11 am

    Hello *.*,

    Lately my Synchronet BBS has been suffering brute force attacks that are more persistent that usual, fortunately without success for them. I am trying to harden the BBS as much as possible and a question raises to me:

    I have many login attempts with wrong usernames. I think that the BBS brute force defenses only count failed login attempts when a user fail their password.

    No, that's incorrect.

    If that's Synchronet behaviour, then it would have two problems:

    * An attacker can still bash the BBS by just using wrong usernames that result on 'Unknown User'.
    * An attacker can also infinitely test different usernames so he can get information of who is an actual user in the BBS and afterwards try brute-force (brute-force is useless if you don't even know the username).

    Is it possible to ban these connection attempts that ends with the 'Unknown User' result?

    Yes, that's how it already works.
    http://wiki.synchro.net/howto:block-hackers

    digital man

    Synchronet/BBS Terminology Definition #23:
    DSZ = DOS Send ZMODEM (by Chuck Forsberg)
    Norco, CA WX: 70.1øF, 25.0% humidity, 0 mph WSW wind, 0.00 inches rain/24hrs --- SBBSecho 3.10-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Richard Williamson@1:103/705 to Karloch on Mon Nov 18 23:17:06 2019
    I have it set for thing that are single line but I hear you can multi line it

    ---
    þ Synchronet þ Richard's Fun House BBS | http://richardf.ddns.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Gamgee@1:103/705 to Richard Williamson on Tue Nov 19 08:54:00 2019
    Richard Williamson wrote to Karloch <=-

    I have it set for thing that are single line but I hear you can
    multi line it

    Please quote something of the message to which you are replying
    to. When you don't do that, nobody knows what you're talking
    about.



    ... Computer Hacker wanted. Must have own axe.
    --- MultiMail/Linux v0.52
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Karloch@1:103/705 to Digital Man on Sun Dec 1 22:19:03 2019
    Re: Synchronet security: failed logins
    By: Digital Man to Karloch on Mon Nov 18 2019 21:08:51

    Yes, that's how it already works. http://wiki.synchro.net/howto:block-hackers

    That's great, thank you so much :)

    Regards,
    Carlos

    ---
    þ Synchronet þ HISPAMSX BBS - The 8-bit MSX computers BBS - 2:341/111@fidonet
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)