• All nodes busy?

    From Jeff Smith@1:282/1031 to All/kim Heino on Sun Feb 16 02:03:06 2020
    Hello There,

    I currently have the 22 node version of BBBS Toy-4. Since upgrading to the current version I have noticed that I frequently (At least once a day) run out of available nodes. I don't recall noticing this issue with previous versions of BBBS. I use iptables to help manage port access. Recently I have reconfigured bbbsd to run using all non-standard ports to see if that would affect my bust port issue. It didn't seem to make a difference. Is there something I am missing? Has anyone else had a problem with busy nodes with BBBS?

    Also, is there a way to monitor node usage and restart the bbbsd daemon if and when BBBS runs out of available nodes. Currently either rebooting the PC or killing and reloading bbbsd is the only way I can quickly get back my available
    nodes.

    Any thoughts or suggestions?


    Jeff

    --- BBBS/Li6 v4.10 Toy-4
    * Origin: Fidonet: The Ouija Board - Anoka, MN - bbs.ouijabrd.net (1:282/1031)
  • From mark lewis@1:3634/12 to Jeff Smith on Sun Feb 16 15:05:18 2020
    Re: All nodes busy?
    By: Jeff Smith to All/kim Heino on Sun Feb 16 2020 02:03:06


    I currently have the 22 node version of BBBS Toy-4. Since upgrading
    to the current version I have noticed that I frequently (At least
    once a day) run out of available nodes. I don't recall noticing
    this issue with previous versions of BBBS. I use iptables to help
    manage port access. Recently I have reconfigured bbbsd to run
    using all non-standard ports to see if that would affect my bust
    port issue. It didn't seem to make a difference. Is there
    something I am missing? Has anyone else had a problem with busy
    nodes with BBBS?

    there is a new wave of bots attempting to recruit buggy routers into their botnet(s)... just ask my IDS/IPS* about it ;)

    but seriously, can you shorten your timeout on login for inactivity? if they don't know what to do, they will sit at the login prompt until they or you time
    out... the faster you can time them out, the faster you can get your nodes freed back up for real users...

    another thing you might be able to do is to drop/block IPs that connect more than X times in Y seconds... some BBSes have this capability and i use it in my
    IDS/IPS as well... for example, this rule from my IDS/IPS detects 5 TCP SYNs within 60 seconds and raises an alert which triggers a block of the connecting IP...

    alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"Rapid TELNET \
    Inbound - Possible Brute Force Attack"; flags: S; \
    detection_filter: track by_src, count 5, seconds 60; \
    classtype:unsuccesful-user; sid:100000020; rev:3;)

    i highly recommend running an IDS/IPS package on one's perimeter firewall if they can... it takes some time to tune it for one's network traffic but once that is done, there's little to do other than sit back, watch the nefarious trash on the outside beat on the door trying to get in, and laugh at them... i should also note that our setup does not use any database logging/monitoring techniques with our IDS/IPS... doing this does allow for deeper analysis of alerted network traffic but in our case, we haven't seen a need for such in our
    case...


    * https://en.wikipedia.org/wiki/Intrusion_detection_system


    )\/(ark
    --- SBBSecho 3.10-Linux
    * Origin: SouthEast Star Mail HUB - SESTAR (1:3634/12)