
Amiexpress Telnet node locking up

Posted: Tue Sep 27, 2016 12:35 pm
by Black Beard
So you have amiexpress up and running and live on the internet, after a day or some hours the telnet nodes will stop working. Unfortunately, the internet is littered with script kiddies that flood port 23 (telnet). The flooding crashes telnetd.device, but there are a few ways to fix this issue and it all depends on whether you are running emulation or real hardware.

Options for real hardware, which can also be used with emulation:

The easiest method that helps is to change the standard telnet port of 23 to something like 1541 or any of your choosing that is not a standard port.

Your best option is to attack the problem at the router level.
You can download custom firmware and run scripts to help stop the floods.

Custom firmware
DD-WRT for Linksys and Cisco Routers
https://www.dd-wrt.com/site/

Merlin Firmware for Asus Routers
https://asuswrt.lostrealm.ca/

I would recommend using WinSCP to create and edit scripts on your router.
https://winscp.net/
You can always just use a plain text editor and SSH.

Some of these custom firmwares allow you to block by country, which is a major help.
Another option is to block by number of connections in a given time, sort of like a brute force block.

Example:
(This is my script for my Asus RT-AC68R, using Merlin Firmware)
iptables -N TELNETBFP -t nat
iptables -A TELNETBFP -t nat -m recent --set --name TELNET --rsource
iptables -A TELNETBFP -t nat -m recent --update --seconds 7200 --hitcount 5 --name TELNET --rsource -j RETURN

This blocks an IP address that connects to telnet more than 5 times in 120 minutes.
I would also recommend using a country block if your firmware supports it.

--------------------------------------- Complete custom script below this line
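#!/bin/sh
logger "firewall" "Applying nat-start rules"
# Create a dedicated chain in the nat table for telnet rate limiting
iptables -N TELNETBFP -t nat
# Record the source address of each new connection in the "TELNET" list
iptables -A TELNETBFP -t nat -m recent --set --name TELNET --rsource
# Source seen 5 times within 7200 seconds: leave the chain without forwarding
iptables -A TELNETBFP -t nat -m recent --update --seconds 7200 --hitcount 5 --name TELNET --rsource -j RETURN
# Otherwise forward the connection to the BBS machine
iptables -A TELNETBFP -t nat -p tcp --dport 23 -m state --state NEW -j DNAT --to-destination 192.168.1.57:23
# Send new port 23 connections arriving on eth0 through the chain
iptables -I VSERVER -t nat -i eth0 -p tcp --dport 23 -m state --state NEW -j TELNETBFP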

------------------------------------Custom script ends

Remember to remove any forwards you may have in your GUI.
There are specific things needed to get Merlin firmware working on an Asus router, including a flash drive.


Emulation via Windows

Routers with custom firmware and changing telnet to a different port can be used here as well.

Peerblock is a great piece of software that can block out entire countries.
http://forums.peerblock.com/
You can find the downloadable files in the forums.

Peerblock can be used with I-Blocklist, which provides all sorts of lists that are being updated constantly. There is a small annual charge for this list.
https://www.iblocklist.com/

I would usually recommend just blocking all countries except for the ones you want.

I also use software called Protomon with some custom scripts that check that the BBS is up and running, and if not it will restart Amikit.
http://protomon.net/
The lite version should work fine and it's free.
If you are interested in my custom scripts just reply and I will add on the documentation on how to get it going.

Good Luck!

Black Beard
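
The behaviour of the three TELNETBFP rules above, modelled on a constructed connection list (an added example, not part of the original post or the poster's script). It shows that the fifth connection inside the window is the first one that skips the DNAT rule, that a source is forwarded again once the window has passed, and that tracking is per source address; the function names and sample addresses are assumptions of this example.

```shell
#!/bin/sh
# Simplified model of the TELNETBFP chain's "-m recent" rules (added
# illustration, not the poster's script). Input on stdin: one NEW connection
# to port 23 per line as "<seconds> <source-ip>", in time order.
# Simplification: every timestamp is kept; the kernel keeps a bounded
# number per address.
recent_verdicts() {
    awk -v window="${1:-7200}" -v hitcount="${2:-5}" '
    {
        t = $1; ip = $2
        # Rule 1 (--set): record this connection for the source address.
        n[ip]++; stamp[ip, n[ip]] = t
        # Rule 2 (--update --seconds --hitcount): count the recorded
        # connections of this source inside the window, current one included.
        hits = 0
        for (i = 1; i <= n[ip]; i++)
            if (t - stamp[ip, i] < window) hits++
        if (hits >= hitcount) {
            # Match: the attempt is recorded again and -j RETURN leaves
            # the chain before the DNAT rule is reached.
            n[ip]++; stamp[ip, n[ip]] = t
            print t, ip, "RETURN"
        } else {
            print t, ip, "DNAT"   # Rule 3: forwarded to the BBS machine
        }
    }'
}

# Constructed sample (documentation addresses): one source hammering,
# the same source returning after the window, and six one-off sources.
sample_connections() {
    for t in 0 10 20 30 40 50 7300; do echo "$t 203.0.113.9"; done
    for i in 1 2 3 4 5 6; do echo "$((7300 + i)) 198.51.100.$i"; done
}

sample_connections | recent_verdicts 7200 5
```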

Re: Amiexpress Telnet node locking up

Posted: Sun Oct 02, 2016 7:52 pm
by Firestone
Great stuff Black Beard!

I got something similar running on my Linux server/router using IPTABLES.
I have imported a list to block all APNIC-IPs using Ipset.

As far as I understand from your script, it will block the IP if it tries to connect more than 5 times during 120 minutes.
I tried this, but a botnet with multiple IPs banging will still bring the nodes down.
But wouldn't this script accept the connection attempt if it comes back after 120 mins?

I'm logging connection attempts to the kern.log file, and working on a script that tails the log searching for possible break-in attempts and adds them to a DROP rule in the FORWARD chain.
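
One way the log-scanning approach described above could look, combined with an ipset list like the one mentioned for the APNIC block (an added example, not Firestone's script). The log prefix "TELNET-NEW:", the set name "telnet_ban", the one-day timeout and the sample log lines are all assumptions of this example; the commands are printed rather than run.

```shell
#!/bin/sh
# Added illustration, not Firestone's script. Log prefix "TELNET-NEW:",
# set name "telnet_ban" and the one-day timeout are assumptions.

# List "<source> <count>" for sources with at least $1 new TCP connections
# to port 23 in the iptables LOG lines read from stdin.
telnet_offenders() {
    awk -v min="${1:-5}" '
    / PROTO=TCP / && / DPT=23 / && / SYN / {
        for (i = 1; i <= NF; i++)
            if (index($i, "SRC=") == 1) {
                ip = substr($i, 5)
                # Only count values that look like an IPv4 address.
                if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
            }
    }
    END { for (ip in count) if (count[ip] >= min) print ip, count[ip] }
    ' | sort
}

# Print, without running them, the ipset commands that ban those sources.
# A single rule such as
#   iptables -I FORWARD -m set --match-set telnet_ban src -j DROP
# then drops every address in the set.
ban_commands() {
    echo "ipset create telnet_ban hash:ip timeout 86400 -exist"
    telnet_offenders "$1" | while read -r ip hits; do
        echo "ipset add telnet_ban $ip -exist  # $hits attempts"
    done
}

# Constructed, shortened log lines (documentation addresses).
log_line() {
    echo "Oct  2 19:40:0$1 gw kernel: TELNET-NEW: IN=eth0 OUT=eth1 SRC=$2 DST=192.168.0.10 PROTO=TCP SPT=4000$1 DPT=$3 SYN URGP=0"
}
sample_log() {
    for n in 1 2 3 4 5 6; do log_line "$n" 203.0.113.9 23; done
    log_line 7 198.51.100.4 23
    log_line 8 198.51.100.4 23
    log_line 9 192.0.2.77 80
}

sample_log | ban_commands 5
```

Because the set entries carry a timeout, a banned address drops out again on its own instead of staying blocked forever.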

Re: Amiexpress Telnet node locking up

Posted: Mon Oct 03, 2016 2:38 pm
by Black Beard
It's not meant to block for good and it is mainly for hammering of the telnet node, which usually is the main problem.

I am pretty sure I can add those IPs to a ban list with Merlin firmware though.
Here is a list of commands:

##############################
#####Commands / Variables#####
##############################
UNBANSINGLE="unban" # <-- Remove Single IP From Blacklist
UNBANALL="unbanall" # <-- Unbans All IPs In Blacklist
REMOVEBANS="removeall" # <-- Remove All Entries From Blacklist
SAVEIPSET="save" # <-- Save Blacklists to /jffs/scripts/ipset.txt
BANSINGLE="ban" # <-- Adds Entry To Blacklist
BANCOUNTRYSINGLE="country" # <-- Adds entire country to blacklist
BANCOUNTRYLIST="bancountry" # <-- Bans specified countries in this file
WHITELIST="whitelist" # <-- Add IPs from path to Whitelist
NEWLIST="new" # <-- Create new IPSet Blacklist
DUMPCFE="dumpcfe" # <-- Dumps current CFE to /jffs/scripts/cfe.dump
UPDATECFE="updatecfe" # <-- Flash CFE from /jffs/scripts/cfe.flash (reset nvram afterwards)


Different firmwares do take different commands, and even different versions of the same router firmware may differ.

Black Beard

Re: Amiexpress Telnet node locking up

Posted: Wed Oct 26, 2016 7:32 pm
by Firestone
Hmm... I'm pleased to report back that I got a much more stable board here after borrowing some ideas from your setup :)
Thanks a lot mate :)

Re: Amiexpress Telnet node locking up

Posted: Fri Oct 28, 2016 12:04 pm
by Black Beard
Glad to hear it was useful, and if you encounter anything else, post a message.

Good Luck!

Black Beard