I'm looking for a way for BinkD to reject the incoming connection based
on something like SYS or ZYZ info presented. Is such a thing possible using a perl script or similar?
As some of you may know I run an othernet in Zone 21 and have a /999
test AKA that nodes who which to test their polling setup to my HUB
can use when first setting up and before they apply and get their own
node number.
The problem I have at present is that someone has set up their BBS and
is polling the HUB every 2 minutes using the test AKA. This is way too frequent, has been going on for weeks, and despite a netmail to that
test system asking for the sysop to contact me to arrange their own
node number, there's been no reply and no let up in polling frequency.
I'm looking for a way for BinkD to reject the incoming connection
based on something like SYS or ZYZ info presented. Is such a thing possible using a perl script or similar?
Note I am not a perl guru so any suggested fix you have I'd appreciate
a bit of hand holding to implement it.
Also of note, setting such a block up is not my preferred choice but I have exhausted options to contact the unknown sysop and want to ensure
the test AKA is available for others to send/recieve packets from
also... with a polling frequency of 2 mins the offending system gives
no one else a look in.
Why not just block his IP (range) in your firewall? That would be the
easy sollution...
I see in the binkD FAQ that there is a way to block a known IP. Check
out the distro .CFG file. Good luck.
Also of note, setting such a block up is not my preferred choice but I have exhausted options to contact the unknown sysop and want to ensure
the test AKA is available for others to send/recieve packets from
also... with a polling frequency of 2 mins the offending system gives
no one else a look in.
Why not just block his IP (range) in your firewall? That would be the
easy sollution...
because I don't really know it, and I suspect other nodes may be part of that range...
I'm looking for a way for BinkD to reject the incoming connection based on something like SYS or ZYZ info presented. Is such a thing possible using a perl script or similar?
Note I am not a perl guru so any suggested fix you have I'd appreciate a bit of hand holding to implement it.
By the way, binkd can handle multiple connections simultaneously, so I can't r
lly imagine how a single node can cause DoS by polling your system every 2 min
es.
Paul -- if nothing else, maybe you could set up a second/new test
node, like /9999, to allow others to test?
Mike
If your system can suffer from DoS because of a single person making single connection once in 2 minutes, imagine what happens, if someone
Works:
? 13:06 [2106] aborted by Perl after_handshake(): Get lost!
+ 13:06 [2106] done (to 4095:1/2@testnet, failed, S/R: 0/0 (0/0 bytes))
The issue is that the polling node is using the test node number, /999, instead of an assigned number. Anyone else who is trying to test a new connection, who does not somehow manage to get their polls all done in
the 2-minute window, will have whatever response messages they were looking for picked up by the offending node.
Paul -- if nothing else, maybe you could set up a second/new test node, like /9999, to allow others to test?
What century do you live in? ;-)
The times the new nodes were lining up by the dozens are long gone...
On 05-20-21 13:13, Oli wrote to Paul Hayton <=-
Script:
sub after_handshake
{
if ($sysop eq "Oli") {
return "Get lost!";
}
else
{
return 0
}
}
Have you built binkd with perl support?
The issue is that the polling node is using the test node number,
/999, instead of an assigned number. Anyone else who is trying to
test a new connection, who does not somehow manage to get their polls
all done in the 2-minute window, will have whatever response messages
they were looking for picked up by the offending node.
What century do you live in? ;-)
The times the new nodes were lining up by the dozens are long gone...
Seems a bit rough to respond in that fashion.... while it's not a long queue now having a /999 test address is proving to be useful on a week to week basis in Z21
If by "messages they were looking for" you mean NOT binkp protocol messages but some netmail or echomail messages, then it's just a
terrible design flaw and should be addressed in completely different
way instead of trying to ban someone who is not doing anything
harmful.
Paul -- if nothing else, maybe you could set up a second/new test
node, like /9999, to allow others to test?
What century do you live in? ;-)
The times the new nodes were lining up by the dozens are long gone...
Sysop: | Eric Oulashin |
---|---|
Location: | Beaverton, Oregon, USA |
Users: | 93 |
Nodes: | 16 (1 / 15) |
Uptime: | 04:46:00 |
Calls: | 5,157 |
Calls today: | 2 |
Files: | 8,492 |
Messages: | 352,739 |