I have a new node which is trying to connect to my system using binkp.
I am able to connect to his fine, and send/receive mail. His
attempted inbounds are not showing up on my syslog or even in the
terminal window where sbbs is running. He is connecting, per his end.
Mar 30 20:26:58 Connecting to capitolcityonline.net:24554 port 24554
I have a new node which is trying to connect to my system using binkp. I am able to connect to his fine, and send/receive mail. His attempted inbounds are not showing up on my syslog or even in the terminal window where sbbs is running. He is connecting, per his end.
Mar 30 20:26:58 Scanning 1:2320/105
Mar 30 20:26:58 Queued 1 files (588 bytes) to 1:2320/105
Mar 30 20:26:58 Polling BINKP node 1:2320/105 (Mike Powell) by IPV4
Mar 30 20:26:58 Connecting to capitolcityonline.net:24554 port 24554
Mar 30 20:26:58 Connected IPV4 to 67.131.57.133
Mar 30 20:26:58 Connection lost
Mar 30 20:26:58 Authorization failed
Mar 30 20:26:58 Polled 0 nodes
He is using mystic. Only thing I can figure is that his IPA might be blocked here, but it is not in my ip silent file, and nothing is in my ip.can file. Plus I am not seeing a "blocked" message in the log on on the screen, either. Is there someplace else synchronet stores blocked addresses?
I have a new node which is trying to connect to my system using binkp.
I am able to connect to his fine, and send/receive mail. His
attempted inbounds are not showing up on my syslog or even in the
terminal window where sbbs is running. He is connecting, per his end.
Looks like that to me too.. if I telnet to capitolcityonline.net on port 24554 I connect but immediately get "connection closed by foreign host"
Looks like that to me too.. if I telnet to capitolcityonline.net
on port 24554 I connect but immediately get "connection closed by
foreign host"
FWIW, I tried it, and it worked for me - I saw the familiar OPT CRAM-MD5-...
...deon
Mar 30 20:26:58 Connecting to capitolcityonline.net:24554 port 24554
I have a new node which is trying to connect to my system
using binkp. I am able to connect to his fine, and
send/receive mail. His attempted inbounds are not showing
up on my syslog or even in the terminal window where sbbs
is running. He is connecting, per his end.
Looks like that to me too.. if I telnet to
capitolcityonline.net on port 24554 I connect but
immediately get "connection closed by foreign host"
I have a new node which is trying to connect to my system
using binkp. I am able to connect to his fine, and
send/receive mail. His attempted inbounds are not showing
up on my syslog or even in the terminal window where sbbs
is running. He is connecting, per his end.
Looks like that to me too.. if I telnet to
capitolcityonline.net on port 24554 I connect but
immediately get "connection closed by foreign host"
that seems reasonable since you don't manually send the data
required... i set a poll for my binkd and was able to connect without problems... blank lines added to the below to avoid wordwrap hell...
for some reason, the above doesn't look right... it looks like they have the po
t tacked onto the end of your domain as well as having the port defined in thei
record for your system...
He is using mystic. Only thing I can figure is that his IPA might be
blocked here, but it is not in my ip silent file, and nothing is in my
ip.can file. Plus I am not seeing a "blocked" message in the log on on the >> screen, either. Is there someplace else synchronet stores blocked addresses?
Nope. Maybe you have a system firewall or gateway device that is filtering his >onnectons?
Trying 67.131.57.133...
Connected to capitolcityonline.net.
Escape character is '^]'.
Connection closed by foreign host.
I don't know why that happens.
Trying 67.131.57.133...
Connected to capitolcityonline.net.
Escape character is '^]'.
Connection closed by foreign host.
I don't know why that happens.
Hmmm... do you happen to remember the time and date that you did that?
You are on PDT, right? I'd like to check my logs.
You are on PDT, right? I'd like to check my logs.
On 03-31-20 17:24, Dumas Walker wrote to RAMPAGE <=-
for some reason, the above doesn't look right... it looks like they have the
po
t tacked onto the end of your domain as well as having the port defined in
thei
record for your system...
It is mystic. I have asked him about that and apparently he includes
the port on all of his connections. I have never tried using mystic's binkp to connect to a system on the standard port so I am not sure
whether he really should or not?
Trying 67.131.57.133...
I just tried agian with the same result. Is that the right IP address?
My IP is 104.246.155.40, do you see that in your log?
My BBBS mailer is similar to Mystics mailer. It just fails and doesn't give any
indication of why, I don't think it knows why.
No it does not. Nothing beginning with 104. is anywhere in my /sbbs/text
ip.can or ip silent file. I did add you to my /sbbs/ctrl ipfilter exempt file
so we will see what that does if you are willing to try again.
alan@trmb:~$ telnet capitolcityonline.net 24554 Trying 67.131.57.133... Connected to capitolcityonline.net. Escape character is '^]'.
Connection closed by foreign host.
So I think I did connect breifly before the connection was closed.
can you try running tcpdump and capturing the session? something like
this should work...
can you try running tcpdump and capturing the session? something like
this should work...
I did and the resulting file is in cco-pcap.zip in your inbound.
I did telnet capitolcityonline.net 24554,
again on port 23,
and again on port 7636 and reached his other BBSs login, then I just closed the connection.
can you also post a traceroute to 67.131.57.133?
sorry i couldn't bring better news...
This is what I got just a minute ago..
alan@trmb:~$ telnet capitolcityonline.net 24554 Trying 67.131.57.133... Connected to capitolcityonline.net. Escape character is '^]'.
Connection closed by foreign host.
So I think I did connect breifly before the connection was closed.
So I think I did connect breifly before the connection was closed.
As it is not being logged by synchronet/binkit, I syspect whatever you
are connecting to happens before it ever gets there. :(
sorry i couldn't bring better news...
Hello Rampage,
sorry i couldn't bring better news...
You've been very helpful.
Dumas put up binkd on another port and I was able to connect without issue using both telnet and a binkp mailer session.
That sounds to me like Synchronet/BinkIT is silently dropping the connection without logging?
Is there a way to test that theory?
That sounds to me like Synchronet/BinkIT is silently dropping the
connection without logging?
Is there a way to test that theory?
Maybe the port is the key, switch the ports around between binkd and BinkIT and see what changes.
As it is not being logged by synchronet/binkit, I syspect whatever
you are connecting to happens before it ever gets there. :(
Dumas put up binkd on another port and I was able to connect without
issue using both telnet and a binkp mailer session.
That sounds to me like Synchronet/BinkIT is silently dropping the connection without logging?
Is there a way to test that theory?
so the task moves back to the remote side to figure out why it is terminating t
ose connections to its binkp and telnet ports... it could be the software on th
se ports but it is still possible that they are being filtered/blocked before t
e software even sees the traffic... especially since the software is not record
ng the transaction and subsequent dropping of the connection... i'm starting to
suspect the ISP may be filtering port 24554 and port 23 but others are able to >onnect to those ports so that doesn't make sense... unless there is some sort o
region blocking on certain inbound ports... i do note that the IP is owned by
enturylink not that that really means much, though...
sorry i couldn't bring better news...
Thank you for your help. Dumas now knows where to look.. :)
Well, not really. I was thinking maybe one of the hops would be in my ip-silent.can but none of them are.
Re: does binkit log failed in
By: Dumas Walker to AL on Thu Apr 02 2020 15:46:00
Well, not really. I was thinking maybe one of the hops would be in my ip-silent.can but none of them are.
router hops are not recorded in the packets so they won't be recorded in any blocking software... it is only the originating IP that you should be looking for...
Well, not really. I was thinking maybe one of the hops would be in
my ip-silent.can but none of them are.
The issue was root-caused to bad syntax in the sysop's
text/ip-silent.can file. The line ".46~" matched (and silently
dropped connections from) the problem IP addresses, unintentionally.
So yeah, the TCP connections were reaching SBBS and being silent disconnected.
So yeah, the TCP connections were reaching SBBS and being silent disconnected.
i'm glad you found it... that's why you get paid the big sbbs bucks :)
Ha! :-)
As it is not being logged by synchronet/binkit, I syspect whatever
you are connecting to happens before it ever gets there. :(
based on my analysis of the pcap file of attempts to connect to your port 24554
and 23, i agree...
have you tried rebooting your internet modem?
The issue was root-caused to bad syntax in the sysop's text/ip-silent.can file.
The line ".46~" matched (and silently dropped connections from) the problem IP >ddresses, unintentionally.
So yeah, the TCP connections were reaching SBBS and being silent disconnected.
my next step was going to be to ask to see the ip.can and ip-silent.can files..
i mean, if it wasn't the firewall or the ISP, it had to be local...
i can't even imagine what one would be trying to block with that particular ent
y...
As it is not being logged by synchronet/binkit, I syspect whatever you are connecting to happens before it ever gets there. :(
based on my analysis of the pcap file of attempts to connect to your port 24554
and 23, i agree...
have you tried rebooting your internet modem?
It actually turned out to be a misunderstanding of how the ip-silent.can file syntax worked. I was using a tilde where I should have been using an asterisk. :D Synchronet apparently does not log nodes which are blocked silently, or I don't have the logging turned up sensitive enough to do so.
The issue was root-caused to bad syntax in the sysop's text/ip-silent.can file.
The line ".46~" matched (and silently dropped connections from) the problem IP >ddresses, unintentionally.
So yeah, the TCP connections were reaching SBBS and being silent disconnected.
I have one other syntax related question. There is a note in the *.can files that says:
Wildcard characters (*, ^, ~) are allowed and ! negates the match
If I would have added an entry for Al and Beery's IPAs starting with a '!' in the ip-silent.can file, would that have allowed them in even though they were covered (accidentally) by my bad syntax?
I did not try it, since you helped me fix the root problem, but I wondered what that would have done.
It actually turned out to be a misunderstanding of how the ip-silent.can file syntax worked. I was using a tilde where I should have been using
an asterisk. :D
Synchronet apparently does not log nodes which are blocked silently,
or I don't have the logging turned up sensitive enough to do so.
Right, the "silent" means no-logging.
Dumas Walker wrote to RAMPAGE <=-
my next step was going to be to ask to see the ip.can and ip-silent.can files..
I was trying to block all IPAs starting with '46.' because I had
a lot of trouble with that one. For some reason, I thought the
'~,^,*' were interchangable and was using the tilde. Wrong! :D
Right, the "silent" means no-logging.
No. Since their IP matched one of your lines (rules), they would still have bee
filtered.
There's really nothing you could have added to exclude their specific IP addres
es since they matched that more general rule you had.
Re: Re: does binkit log faile
By: Digital Man to Dumas Walker on Fri Apr 03 2020 21:41:29
Right, the "silent" means no-logging.
this is one of those things that could be of one or more meanings :lol:
1. users not told they are blocked; connection just dropped.
2. connection block not logged.
3. both 1 and 2.
4. something else?
do the users still get notified when their IP is in the ip-silent.can file?
No. Since their IP matched one of your lines (rules), they would still have bee
filtered.
There's really nothing you could have added to exclude their specific IP addres
es since they matched that more general rule you had.
Good to know. Under what circumstances would the '!' entries be of use for?
You may already be aware of this, but those modifier characters
are explained pretty well here:
http://wiki.synchro.net/config:filter_files
Good to know. Under what circumstances would the '!' entries be of use for?
Depends on which .can/cfg file you're referring to, but for ip*.can, let's say >ou only wanted to accept connections from 192.168.*. You could have a single li
e, "!192.168.*" which would filter/block everything *but* the IPs you trusted.
Sysop: | echicken |
---|---|
Location: | Toronto, Ontario |
Users: | 2,224 |
Nodes: | 6 (0 / 6) |
Uptime: | 12:33:37 |
Calls: | 14,143 |
Files: | 295 |
Messages: | 551,290 |