• Bink Block

    From Warpslide@21:3/110 to All on Monday, November 25, 2024 11:20:18
    Scenario: You belong to a network but decide to drop it. You've sent your hub a netmail & email letting them know. Even though two years have gone by they constantly try to poll you.

    You netmail and email again & again, never receiving a response yet they still poll your system, sometimes hundreds of times a day, each time with a password error.

    Solution? Block their ass!


    Create an IP set to store ip addresses:
    ipset -N block4 hash:net
    ipset -N block6 hash:net family inet6

    Add lines to firewall to block referenced IP sets:
    iptables -A INPUT -p all -m set --match-set block4 src -j DROP
    ip6tables -A INPUT -p all -m set --match-set block6 src -j DROP


    Automatically block them each time they poll you after their IP changes:

    #!/bin/bash
    BINKLOG="/path/to/binkd.log"

    # Find the latest log entry matching the pattern (use only one)

    # If using SysOp name:
    getpoll=$(tac "$BINKLOG" | grep -m 1 "ZYZ John Doe$")

    # If using ftn address:
    #getpoll=$(tac "$BINKLOG" | grep -m 1 "addr: 21:3/999@fsxnet$")


    if [[ -n $getpoll ]]; then
    # Extract the PID from the log entry using Bash string manipulation
    pollpid="${getpoll#*[}"
    pollpid="${pollpid%%]*}"

    # Find the full log entry associated with the PID
    poll=$(grep "\[$pollpid\] incoming session with" "$BINKLOG")

    ip=$(echo "$poll" | sed -n 's/.*\[\([^]]*\)\]$/\1/p')

    # Extract the IPv4 address from the log entry
    if [[ "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then

    # Convert to CIDR format
    cidr="${ip%.*}.0/24"

    # Check if the CIDR is already in the block4 IP set
    if ! sudo ipset test block4 "$cidr" >/dev/null 2>&1; then
    # Add the CIDR to the block4 IP set and save changes
    sudo ipset add block4 "$cidr"
    sudo ipset save > /etc/iptables/ipsets
    fi

    elif [[ "$ip" =~ ^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$ || "$ip" == *"::"* ]]; then

    # Convert to CIDR format
    cidr=`echo "$ip" | cut -d: -f1-4`\:\:\/64

    # Check if the CIDR is already in the block6 IP set
    if ! sudo ipset test block6 "$cidr" >/dev/null 2>&1; then
    # Add the CIDR to the block6 IP set and save changes
    sudo ipset add block6 "$cidr"
    sudo ipset save > /etc/iptables/ipsets
    fi
    fi
    fi

    You can also get a copy from:
    https://nrbbs.net/binkblock.sh.txt


    Jay

    ... If you can't learn to do it well, learn to enjoy doing it badly

    --- Mystic BBS v1.12 A49 2024/05/29 (Linux/64)
    * Origin: Northern Realms (21:3/110)
  • From Warpslide@21:3/110 to All on Wednesday, November 27, 2024 17:03:18
    On 25 Nov 2024, Warpslide said the following...

    Solution? Block their ass!

    For some reason this person has decided to change the name they use when sending mail with binkp, so updated this script to handle multiple cases:

    #!/bin/bash
    BINKLOG="/path/to/binkd.log"

    BLOCK=(
    "ZYZ John Doe$"
    "ZYZ Jane Doe$"
    "ZYZ j0hnd03$"
    "addr: 1:234/567@fidonet"
    "addr: 21:3/999@fsxnet"
    )

    for i in "${BLOCK[@]}"; do

    # Find the latest log entry matching the pattern
    getpoll=$(tac "$BINKLOG" | grep -m 1 "$i")

    if [[ -n $getpoll ]]; then
    # Extract the PID from the log entry using bash string manipulation
    pollpid="${getpoll#*[}"
    pollpid="${pollpid%%]*}"

    # Find the full log entry associated with the PID
    poll=$(grep "\[$pollpid\] incoming session with" "$BINKLOG")

    ip=$(echo "$poll" | sed -n 's/.*\[\([^]]*\)\]$/\1/p')

    # Extract the IPv4 address from the log entry
    if [[ "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then

    # Convert to CIDR format
    cidr="${ip%.*}.0/24"

    # Check if the CIDR is already in the block4 IP set
    if ! sudo ipset test block4 "$cidr" >/dev/null 2>&1; then
    # Add the CIDR to the block4 IP set and save changes
    sudo ipset add block4 "$cidr"
    sudo ipset save > /etc/iptables/ipsets
    fi
    # Extract the IPv6 address from the log entry
    elif [[ "$ip" =~ ^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$ || "$ip" == *"::"* ]]; then

    # Convert to CIDR format
    cidr=`echo "$ip" | cut -d: -f1-4`\:\:\/64

    # Check if the CIDR is already in the block6 IP set
    if ! sudo ipset test block6 "$cidr" >/dev/null 2>&1; then
    # Add the CIDR to the block6 IP set and save changes
    sudo ipset add block6 "$cidr"
    sudo ipset save > /etc/iptables/ipsets
    fi
    fi
    fi
    done


    Since adding these rules on the 25th, I already have three IPv4 address ranges and several hundred hits:

    pkts bytes target prot opt in out source dest
    392 13680 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set block4 src


    Updated version also available at:
    https://nrbbs.net/binkblock.sh.txt


    Jay

    ... What musical instrument is found in the bathroom? A tuba toothpaste

    --- Mystic BBS v1.12 A49 2024/05/29 (Linux/64)
    * Origin: Northern Realms (21:3/110)