FidoSysop Blog

BBS Telnet Access Closed Due To Penetration Attempts

BBS Telnet Access is Temporarily Closed due to Brute Force Penetration Attempts. 09/21/16 see resolution update posted below.

Someone has been brute force attacking the BBS via port 23 – Telnet. Unfortunately for the time being we were forced to close Wildcat’s telnet port shutting off anyone trying to connect to the bbs via this method.

BBS Telnet Probing

Wildcat BBS Online Controller showing massive Telnet probing

Wildcat 5 BBS software was way advanced in its day and is highly configurable. The ability to change ports on the web http side was also an advance feature, but unfortunately the only Telnet option is to turn it on or off, but not change the access port.

Wildcat BBS Desktop View

Wildcat BBS SysOp’s view also showing Platinum Express mail tosser and BAP Stats

We only have a couple of Telnet users accessing the bbs. Unfortunately due to security concerns for our network Telnet access must be closed. We are working on a solution. Possibly running the bbs under our existing CloudFlare account.

Update 09/21/16: It is being reported that certain SOHO Routers have an inherit vulnerability that can allow an attacker network access on port 23. This is what so called “script kiddies” are remotely scanning for. It’s a form of War Driving, similar to modem dialing a series of phone numbers looking for modems that answered (Movie War Games) but scanning a block of IP’s instead.

We have reached a solution that is allowing BBS Telnet access again, but are not announcing it in this post for security reasons. Users accessing the BBS by Telnet have been notified of the new login routine. 😉

Retired used car dealer (trust-me) and ASE cert mechanic turned hobbyist internet webmaster. I also operate Doc's place computer bulletin board system (bbs) since 1991. This blog does not generate revenue by displaying pay-per-click advertising. Pop-ups and ads are distractions that cheapens the message being sent. Kindly comment and share while you're here :=)

4 Comments

  1. John Draugr

    WOW!

    I just put my Wildcat BBS back online last night after being down for years and immediately my 10 node system was showing connection attempts like crazy. I logged in and it said Node 21 (I only have a 10 node license). I quickly took the server down and tonight I started looking for info on changing the Telnet port in Wildcat 6.x. This was the first page that I read and was not expecting to see the exact same issue I had last night (10-25-2016). I guess its all over for my use of Wildcat. I only care about the old door games and thus only used the ANSI (old school) portion of the software with telnet connections.

    Now I need to find some other software. Perhaps Mystic BBS, or Gamesrv.

    Reply
    1. FidoSysop

      Apparently this is coming from a botnet scanning multiple ip addresses looking for a response, which if found will trigger more probing looking for a vulnerability to exploit.

      Whoever is doing it is probing the default Telnet port 23. Easiest fix is to close off Internet port 23 in your router. Then define another port for Wildcat telnet access, open that port up for Internet access. Then forward that defined port to 23 in your WAN to the machine that runs the Wildcat server.

      The down side of this is somehow telling your users what port to use for telnet access. Wasn’t a big deal here as only 2 of our users still used telnet to access the bbs.

      Reply
      1. John Draugr

        Thats a good idea. I wouldn’t have thought about that. The port forwarding I have on my router is usually port xyz to xyz, but you are right that you can use port 123 and point it internally to xyz. Thanks for the idea. I started toying with Gamesrv last night as it allows you to change the telnet port in the configuration files (unlike WC), but with your idea, Wildcat can still be used. Thanks again! 🙂

        John

        Reply
  2. Ozz Nixon

    The more expensive routers in the SOHO market (like Cisco) call this PAT instead of NAT. I have done PenTest against many Windows based Telnet/BBSes – none had a vulnerability that could jeopardize the host integrity. Yes, many Windows Winsock listeners fall for DoS attacks when a raw SYN_ packet is sent by never followed through with an ACK the listener has already pulled the handle from the Queue and left hanging for 2 to 5 minutes (depending upon your OS level and version). In a 10 node environment, it takes about 50ms to DoS from a single site.

    * You should look into a more advanced firewall solution, even a small Raspberry Pi running a Linux firewall – will give you the ability to be proactive and auto-block a hacker after 3 to 5 failed attempts. (Me, I built that natively into the BBS I am coding for today’s age).

    Ozz

    — Is it still called Retro if you never left?
    * RVA Fido Support – Exchange BBS (alpha dev site) – (1:275/362)

    Reply

Leave a Comment

Your email address will not be published.