Amiexpress Telnet node locking up

The name says it all!
Tue Sep 27, 2016 12:35 pm


  • So you have amiexpress up and running and live on the internet. After a day or some hours the telnet nodes will stop working. Unfortunately, the internet is littered with script kiddies that flood port 23 (telnet). The flooding crashes telnetd.device, but there are a few ways to fix this issue and it all depends on whether you are running emulation or real hardware.

    Options for real hardware, which can also be used with emulation:

    The easiest method that helps is to change the standard telnet port of 23 to something like 1541 or any of your choosing that is not a standard port.

    Your best option is to attack the problem at the router level.
    You can download custom firmware and run scripts to help stop the floods.

    Custom firmware
    DD-WRT for Linksys and Cisco Routers
    https://www.dd-wrt.com/site/

    Merlin Firmware for Asus Routers
    https://asuswrt.lostrealm.ca/

    I would recommend using Winscp to create and edit scripts on your router.
    https://winscp.net/
    You can always just use a plain text editor and SSH

    Some of these custom firmwares allow you to block by country, which is a major help.
    Another option is to block by number of connections in a given time, sort of like a brute force block.

    Example:
    (This is my script for my Asus RT-AC68R, using Merlin Firmware)
    iptables -N TELNETBFP -t nat
    iptables -A TELNETBFP -t nat -m recent --set --name TELNET --rsource
    iptables -A TELNETBFP -t nat -m recent --update --seconds 7200 --hitcount 5 --name TELNET --rsource -j RETURN

    This blocks an Ip address that connects to telnet more than 5 times in 120 minutes.
    I would also recommend using a country block if your firmware supports it.

    --------------------------------------- Complete custom script below this line
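    #!/bin/sh
    logger "firewall" "Applying nat-start rules"
    # Create a chain in the nat table for rate-limiting telnet
    iptables -N TELNETBFP -t nat
    # Record the source address of each new connection in the TELNET list
    iptables -A TELNETBFP -t nat -m recent --set --name TELNET --rsource
    # Sources with 5 or more hits in the last 7200 seconds leave the chain here and are not forwarded
    iptables -A TELNETBFP -t nat -m recent --update --seconds 7200 --hitcount 5 --name TELNET --rsource -j RETURN
    # Everything else is forwarded to the internal host 192.168.1.57
    iptables -A TELNETBFP -t nat -p tcp --dport 23 -m state --state NEW -j DNAT --to-destination 192.168.1.57:23
    # Send new port 23 connections arriving on eth0 through the chain
    iptables -I VSERVER -t nat -i eth0 -p tcp --dport 23 -m state --state NEW -j TELNETBFP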

    ------------------------------------Custom script ends

    Remember to remove any forwards you may have in your gui.
    There are specific things needed to get Merlin firmware working on an asus router, including a flash drive.


    Emulation via Windows

    Routers with custom firmware and changing telnet to a different port can be used here as well.

    Peerblock is a great piece of software that can block out entire countries.
    http://forums.peerblock.com/
    You can find the downloadable files in the forums.

    Peerblock can be used with Iblock list that provides all sorts of lists which are being updated constantly. There is a small annual charge for this list.
    https://www.iblocklist.com/

    I would usually recommend just blocking all countries except for the ones you want.

    I also use a software called Protomon with some custom scripts that checks that the bbs is up and running, and if not it will restart Amikit.
    http://protomon.net/
    The lite version should work fine and it's free.
    If you are interested in my custom scripts just reply and I will add on the documentation on how to get it going.

    Good Luck!

    Black Beard
    Black Beard
     
    Posts: 37
    Joined: Sun Mar 30, 2014 9:17 pm
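
The behaviour of the two `-m recent` rules in the script above, modelled on constructed traffic. This is an added example, not part of the original post or of the router firmware; the addresses and timings are made up, and the model assumes that a matching `--update` stores a further timestamp for the source.

```shell
#!/bin/sh
# Added example: a model of the TELNETBFP chain, not the router's own code.
# Each input line is "<seconds> <source-ip>" for one NEW connection to port 23.
WINDOW=7200   # --seconds 7200
HITS=5        # --hitcount 5

# Constructed traffic: one hammering source, three one-shot sources,
# then the first source returning after more than WINDOW seconds of silence.
sample_events() {
    cat <<'EOF'
0 203.0.113.9
10 203.0.113.9
20 203.0.113.9
30 203.0.113.9
40 203.0.113.9
50 203.0.113.9
60 198.51.100.1
61 198.51.100.2
62 198.51.100.3
7300 203.0.113.9
EOF
}

# Prints "<seconds> <source-ip> FORWARD|BLOCK" for every event on stdin.
simulate_recent() {
    awk -v win="$WINDOW" -v hits="$HITS" '
    {
        t = $1; ip = $2
        # Rule 1 (--set): store a timestamp for this source.
        stamp[ip, ++n[ip]] = t
        # Rule 2 (--update --seconds --hitcount): count stamps in the window.
        c = 0
        for (i = 1; i <= n[ip]; i++)
            if (stamp[ip, i] >= t - win) c++
        if (c >= hits) {
            # Matched: --update stores another timestamp, and -j RETURN
            # leaves the chain before the DNAT rule.
            stamp[ip, ++n[ip]] = t
            print t, ip, "BLOCK"
        } else {
            print t, ip, "FORWARD"   # falls through to the DNAT rule
        }
    }'
}

sample_events | simulate_recent
```

In this model the fifth connection from one source inside the window is the first one refused, a source that stays silent for longer than the window is forwarded again, and sources that each connect once are never refused.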



  • Great stuff Black Beard!

    I got something similar running on my Linux server/router using IPTABLES.
    I have imported a list to block all APNIC-IPs using Ipset.

    As far as I understand from your script, it will block the IP if it tries to connect more than 5 times during 120 minutes.
    I tried this, but a botnet with multiple IPs banging will still bring the nodes down.
    But wouldn't this script accept the connection attempt if it comes back after 120 mins?

    I'm logging connection attempts to the kern.log file, and working on a script that tails the log searching for possible break-in attempts and adds them to a DROP rule in the FORWARD chain.
    Firestone
     
    Posts: 4
    Joined: Fri Sep 09, 2016 2:55 pm
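
A sketch of the log-driven ban described in the post above, as an added example that is not Firestone's script. It assumes an iptables LOG rule that writes lines with the prefix `TELNET: `, and an ipset named `telnet_ban`; both names, the threshold and the log excerpt are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumed: a LOG rule with the
# prefix "TELNET: " and an ipset called "telnet_ban" (hypothetical names).
THRESHOLD=3      # port 23 attempts per source before it is banned
SET=telnet_ban
RULE="FORWARD -m set --match-set $SET src -j DROP"

# Constructed kern.log excerpt in the iptables LOG format.
sample_log() {
    cat <<'EOF'
Sep 27 12:35:01 gw kernel: [12345.10] TELNET: IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=192.168.1.57 PROTO=TCP SPT=40001 DPT=23 SYN
Sep 27 12:35:02 gw kernel: [12346.10] TELNET: IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=192.168.1.57 PROTO=TCP SPT=40002 DPT=23 SYN
Sep 27 12:35:02 gw kernel: [12346.20] TELNET: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.168.1.57 PROTO=TCP SPT=51000 DPT=23 SYN
Sep 27 12:35:03 gw kernel: [12347.10] TELNET: IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=192.168.1.57 PROTO=TCP SPT=40003 DPT=23 SYN
Sep 27 12:35:04 gw kernel: [12348.10] TELNET: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.168.1.57 PROTO=TCP SPT=51001 DPT=23 SYN
Sep 27 12:35:05 gw kernel: [12349.10] TELNET: IN=eth0 OUT=eth1 SRC=192.0.2.44 DST=192.168.1.57 PROTO=TCP SPT=33000 DPT=23 SYN
Sep 27 12:35:06 gw kernel: [12350.10] TELNET: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.168.1.57 PROTO=TCP SPT=51002 DPT=23 SYN
Sep 27 12:35:07 gw kernel: [12351.10] SSH: IN=eth0 OUT= SRC=192.0.2.44 DST=192.168.1.1 PROTO=TCP SPT=33001 DPT=22 SYN
EOF
}

# Prints, sorted, each source with at least THRESHOLD logged port 23 attempts.
offenders() {
    awk -v min="$THRESHOLD" '
    /TELNET: / && / DPT=23 / {
        for (i = 1; i <= NF; i++)
            # Accept only digits and dots, so nothing else from the log
            # can end up inside a generated command.
            if ($i ~ /^SRC=[0-9.]+$/) hit[substr($i, 5)]++
    }
    END { for (ip in hit) if (hit[ip] >= min) print ip }' | sort
}

# Prints the commands instead of running them, so the list can be reviewed.
# Set entries expire after 24 hours; the DROP rule is added only once.
ban_commands() {
    echo "ipset create $SET hash:ip timeout 86400 -exist"
    offenders | while read -r ip; do
        echo "ipset add $SET $ip -exist"
    done
    echo "iptables -C $RULE || iptables -I $RULE"
}

sample_log | ban_commands
```

Check the printed list for your own addresses before piping it to `sh` on the router.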



  • It's not meant to block for good and it is mainly for hammering of the telnet node, which usually is the main problem.

    I am pretty sure I can add those IPs to a ban list with Merlin firmware though.
    Here is a list of commands:

    ##############################
    #####Commands / Variables#####
    ##############################
    UNBANSINGLE="unban" # <-- Remove Single IP From Blacklist
    UNBANALL="unbanall" # <-- Unbans All IPs In Blacklist
    REMOVEBANS="removeall" # <-- Remove All Entries From Blacklist
    SAVEIPSET="save" # <-- Save Blacklists to /jffs/scripts/ipset.txt
    BANSINGLE="ban" # <-- Adds Entry To Blacklist
    BANCOUNTRYSINGLE="country" # <-- Adds entire country to blacklist
    BANCOUNTRYLIST="bancountry" # <-- Bans specified countries in this file
    WHITELIST="whitelist" # <-- Add IPs from path to Whitelist
    NEWLIST="new" # <-- Create new IPSet Blacklist
    DUMPCFE="dumpcfe" # <-- Dumps current CFE to /jffs/scripts/cfe.dump
    UPDATECFE="updatecfe" # <-- Flash CFE from /jffs/scripts/cfe.flash (reset nvram afterwards)


    Different firmwares do take different commands, and even different versions of the same router firmware may differ.

    Black Beard
    Black Beard
     
    Posts: 37
    Joined: Sun Mar 30, 2014 9:17 pm



  • Hmm... I'm pleased to report back that I got a much more stable board here after borrowing some ideas from your setup :)
    Thanks a lot mate :)
    Firestone
     
    Posts: 4
    Joined: Fri Sep 09, 2016 2:55 pm

Fri Oct 28, 2016 12:04 pm


  • Glad to hear it was useful and if you encounter anything else post a message.

    Good Luck!

    Black Beard
    Black Beard
     
    Posts: 37
    Joined: Sun Mar 30, 2014 9:17 pm


