Forum: Dock Sud BBS

ip.can question

From Mro@VERT/BBSESINF to digital man on Sat Jan 28 22:35:10 2017

how many line entries for .can files can synchronet handle?

i'm grabbing the tor exit node list and thowing it in ip.can and
it's getting quite large and i was wondering how large i can let this
file get before i have issues.

thanks,
---
� S

From mark lewis@VERT to Mro on Sun Jan 29 10:16:26 2017

On 2017 Jan 28 22:35:10, you wrote to digital man:

how many line entries for .can files can synchronet handle?

i'm interested in this, too... for blocking MIRAI related IPs...

i'm grabbing the tor exit node list and thowing it in ip.can and it's getting quite large and i was wondering how large i can let this file
get before i have issues.

i wonder if ip.can and others can include files?

eg:
; Enter filtered (disallowed) IP addresses in this file
; Wildcard characters (*, ^, ~) are allowed and ! negates the match
; Rejection message file: text/badip.msg
#include tor-exit-nodes.lst
#include MIRAI-IPs.lst

that would be cool because then you could cron a script with something like

/usr/bin/curl https://check.torproject.org/exit-addresses -O
/bin/grep -Eo -e "[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}" exit-addresses > tor-exit-nodes.lst

)\/(ark

Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
... I feel lucky to be alive today and so do the people I BBQ'd for!
---
* Origin: (1:3634/12.73)
� Synchronet � Vertrauen � Home of Synchronet � telnet://vert.synchro.net

From Mro@VERT/BBSESINF to mark lewis on Sun Jan 29 11:52:51 2017

Re: ip.can question
By: mark lewis to Mro on Sun Jan 29 2017 10:16 am

how many line entries for .can files can synchronet handle?

i'm interested in this, too... for blocking MIRAI related IPs...

i'm grabbing the tor exit node list and thowing it in ip.can and it's getting quite large and i was wondering how large i can let this file get before i have issues.

i wonder if ip.can and others can include files?

well you can just make your own individual script that reads a can and disconnects them or adds them to ip.can. that's what my bbs capcha does.
---
� Synchronet � ::: BBSES.info - free BBS services :::

From Digital Man@VERT to Mro on Sun Jan 29 12:41:19 2017

Re: ip.can question
By: Mro to digital man on Sat Jan 28 2017 10:35 pm

how many line entries for .can files can synchronet handle?

It's theoretically unlimited.

i'm grabbing the tor exit node list and thowing it in ip.can and
it's getting quite large and i was wondering how large i can let this
file get before i have issues.

The entire file is read for each search/connection, so you could see performance issues if you have huge .can files.

digital man

Synchronet/BBS Terminology Definition #6:
BinkP = BinkD Protocol
Norco, CA WX: 74.9�F, 18.0% humidity, 0 mph NW wind, 0.00 inches rain/24hrs
---
� Synchronet � Vertrauen � Home of Synchronet � telnet://vert.synchro.net

From mark lewis@VERT to Mro on Sun Jan 29 17:06:32 2017

On 2017 Jan 29 11:52:50, you wrote to me:

i wonder if ip.can and others can include files?

well you can just make your own individual script that reads a can and disconnects them or adds them to ip.can. that's what my bbs capcha
does.

i was looking at the fact that it would be much easier to simply rewrite the include file and let sbbs pick it up when it notices the change... that way the
rest of the ip.can file doesn't have to be muched about with in some script... neither would any other include files... just change the one that needs changing... this is similar to the way that the binkd mailer has include files for your contacts and its nodelist... you simply update the file and binkd can detect it and reload those parts automatically without the need to recycle the entire server...

)\/(ark

Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
... Success is getting up one more time.

From Fat Rastus@VERT/EWBBS to Mro on Mon Jan 30 10:00:28 2017

i'm grabbing the tor exit node list and thowing it in ip.can and
it's getting quite large and i was wondering how large i can let this
file get before i have issues.

I filter such lists with the firewall so that sbbs doesn't have to handle this. Firewalls are designed to handle large lists of IPs. Besides, tasks such as these are the firewalls job.. SBBS' ip.can is icing on the cake.

---
� Synchronet � Electronic Warfare BBS | telnet://bbs.ewbbs.net

From Mro@VERT/BBSESINF to Fat Rastus on Mon Jan 30 14:37:25 2017

Re: ip.can question
By: Fat Rastus to Mro on Mon Jan 30 2017 10:00 am

i'm grabbing the tor exit node list and thowing it in ip.can and
it's getting quite large and i was wondering how large i can let this
file get before i have issues.

I filter such lists with the firewall so that sbbs doesn't have to handle this. Firewalls are designed to handle large lists of IPs. Besides, tasks such as these are the firewalls job.. SBBS' ip.can is icing on the cake.

yeah, i use a software firewall and routinely add the ip addresses to it so the bbs isnt affected by the attacks.

i was just wondering because my .can files are getting really big.
i delete dupes and that helps, but wonder how much it can handle until it starts going bonkers.
---
� Synchronet � ::: BBSES.info - free BBS services :::

From Fat Rastus@VERT to Mro on Mon Jan 30 15:37:22 2017

i was just wondering because my .can files are getting really big.
i delete dupes and that helps, but wonder how much it can handle until it starts going bonkers.

I like idea of an include command. I too like to sort lists such as these since I have scripts that keep them updated.
--- SBBSecho 3.00-Linux
* Origin: Electronic Warfare BBS | telnet:\\bbs.ewbbs.net (1:227/201)
� Synchronet � Vertrauen � Home of Synchronet � telnet://vert.synchro.net

From Mro@VERT/BBSESINF to Fat Rastus on Mon Jan 30 16:18:19 2017

Re: ip.can question
By: Fat Rastus to Mro on Mon Jan 30 2017 03:37 pm

i was just wondering because my .can files are getting really big.
i delete dupes and that helps, but wonder how much it can handle until it starts going bonkers.

I like idea of an include command. I too like to sort lists such as these since I have scripts that keep them updated.

it would be nice, because we could produce updated country blocks
and distribute them.
---
� Synchronet � ::: BBS

From Hemo@VERT/UJOINT to Fat Rastus on Mon Jan 30 15:58:41 2017

Re: ip.can question
By: Fat Rastus to Mro on Mon Jan 30 2017 10:00 am

i'm grabbing the tor exit node list and thowing it in ip.can and
it's getting quite large and i was wondering how large i can let this
file get before i have issues.

I filter such lists with the firewall so that sbbs doesn't have to handle this. Firewalls are designed to handle large lists of IPs. Besides, tasks such as these are the firewalls job.. SBBS' ip.can is icing on the cake.

I'm doing the same thing. filtering through logs and .can files and then handing those IP's over to iptables to filter. Let SBBS identify the 'bad' ones, and then let iptables handle them when they hit a certain limit. Greatly reduced process usage.

Right now I manually run a few bash scripts to do this, but planning on trying to do something in baja to make it easier to call as an event.

--
Hemo

... Federal Employment Principle: Confusion creates jobs.

---
� Synchronet � - Running madly i

From Knightmare@VERT/P99BBS to Mro on Tue Jan 31 02:26:40 2017

Re: ip.can question
By: Mro to Fat Rastus on Mon Jan 30 2017 04:18 pm

it would be nice, because we could produce updated country blocks
and distribute them.

-+-
I like this idea.

---
� Synchronet � Precinct 99 BBS -- p99bbs.home

From KK4QBN@VERT/KK4QBN to Knightmare on Tue Jan 31 08:14:06 2017

Re: ip.can question
By: Knightmare to Mro on Tue Jan 31 2017 02:26 am

it would be nice, because we could produce updated country blocks
and distribute them.

-+-
I like this idea.

Yeah, like .vn .ro .ru *.gov.br

--

Tim Smith (KK4QBN)
KK4QBN BBS

---
� Synchronet � KK4QBN BBS - (706)422-9538 - kk4qbn.synchro.net, Chatsworth GA US

From Knightmare@VERT/P99BBS to KK4QBN on Sun Feb 5 00:53:43 2017

Re: ip.can question
By: KK4QBN to Knightmare on Tue Jan 31 2017 08:14 am

Here's my list:
----------
*.br
*.cn
*.cz
*.ru
*.it
*.tt
*.vn
*.be
*.hinet.net
*.tr
*.kbtelecom.net
*.pt
*.canle.net.co
*.ch
*.ar
*.tw
*.ZA
*.cl
*skanova.com
*.rs
*tpgi.com.au
----------

My machine's been banged around so much I finally changed the port to 2323

---
� Synchronet � Precinct 99 BBS -- p99bbs.homenet.org - Lewis Center, OH USA

From Mro@VERT/BBSESINF to Knightmare on Sun Feb 5 12:04:58 2017

Re: ip.can question
By: Knightmare to KK4QBN on Sun Feb 05 2017 12:53 am

Re: ip.can question
By: KK4QBN to Knightmare on Tue Jan 31 2017 08:14 am

Here's my list:
----------

those are hosts , not ips
---
� Synchronet �

From KK4QBN@VERT/KK4QBN to Knightmare on Sun Feb 5 10:47:05 2017

Re: ip.can question
By: Knightmare to KK4QBN on Sun Feb 05 2017 12:53 am

Here's my list:
----------
*.br
*.hinet.net

I actually have many many ips that have been autoplaced there from sbbs now, especially hinet.net. it seems I have had a reduction in attempts now, but still have soemthing probing a port somewhere most all time, just not getting hammered anymore.

--

Tim Smith (KK4QBN)
KK4QBN BBS

---
� Synchronet � KK4QBN BBS - (706)422-9538 - kk4qbn.synchro.

From Knightmare@VERT/P99BBS to Mro on Sun Feb 5 16:12:57 2017

Re: ip.can question
By: Mro to Knightmare on Sun Feb 05 2017 12:04 pm

Here's my list:
----------

those are hosts , not ips

-+-
You're right, but these domain cuts down a lot of trsffic too... My IP list is too long to list.

---
� Synchronet � Precinct 99 - p99bbs.homenet.org:2323 - Lewis Center, OH USA

Who's Online

System Info

Sysop:	Ragnarok
Location:	Dock Sud, Bs As, Argentina
Users:	137
Nodes:	10 (0 / 10)
Uptime:	369:30:22
Calls:	15,498
Files:	20,142
D/L today:	4 files (213K bytes)
Messages:	1,870,126

ip.can question

Who's Online

System Info