• IP logging utility..

    From Kent Timm@1:229/728 to All on Sun Aug 17 19:30:00 2014
    Hi all...

    I just finished making a little program for RA that runs in the batch file just before RA loads, it writes to the BBS log the node number, and the IP and Host name of the caller as passed by command line to the batch file from NetFoss (or whatever you run as a front end)

    I was wondering if anybody would be interested in it? If there's some interest I'll make up a doc and zip it and make it available for free...


    If anybody happened to recognize my name, I wrote RACall, HoloDoor and a couple other utils for RA back in the day.


    Kent Timm
    SysOp The HoloDeck BBS

    --- RemoteAccess 2.62.1+
    * Origin: HoloDeck BBS telnet://kentsoftware.com London ON (1:229/728)
  • From Janis Kracht@1:261/38 to Kent Timm on Wed Aug 20 14:46:50 2014
    Hi Kent,

    I just finished making a little program for RA that runs in the batch file just before RA loads, it writes to the BBS log the node number, and the IP and Host name of the caller as passed by command line to the batch file from NetFoss (or whatever you run as a front end)

    I was wondering if anybody would be interested in it? If there's some interest I'll make up a doc and zip it and make it available for free...

    While I don't run RA, I do get 'stuff' out there <g>. If you'd like me to send
    your file out in the utilnet fileecho, that would be really cool. It may be
    that at some point someone may look for just such a util?

    If you like you can email me at janis@filegate.net, or dial up my binkD server at filegate.net.

    If anybody happened to recognize my name, I wrote RACall, HoloDoor and a couple
    other utils for RA back in the day.

    Thanks for still working on utilities, Kent :)

    Take care,
    Janis

    --- BBBS/Li6 v4.10 Dada-1
    * Origin: Prism bbs (1:261/38)
  • From Kent Timm@1:229/728 to Janis Kracht on Wed Aug 20 16:36:00 2014
    While I don't run RA, I do get 'stuff' out there <g>. If
    you'd like me to send your file out in the utilnet fileecho,
    that would be really cool. It may be that at some point
    someone may look for just such a util?

    I did leave some provision to have it write log entries in other formats if somebody provides me with a log sample :) The main thing is just having the IP entry in a log never designed for internet use. It doesn't access any of the RA config files, so it should work with anything that can just run a command line and pass the IP info. But I didn't use Turbo Basic like I used in past BBS utils, I used VB 4, so it's much more modern :)

    I have a couple tweaks to make, and I sent you a ZIP :)

    thanks

    --- RemoteAccess 2.62.1+
    * Origin: HoloDeck BBS telnet://kentsoftware.com London ON (1:229/728)
  • From Janis Kracht@1:261/38 to Kent Timm on Wed Aug 20 19:16:58 2014
    While I don't run RA, I do get 'stuff' out there <g>. If
    you'd like me to send your file out in the utilnet fileecho,
    that would be really cool. It may be that at some point
    someone may look for just such a util?

    I did leave some provision to have it write log entries in other formats if
    somebody provides me with a log sample :) The main thing is just having the IP entry in a log never designed for internet use. It doesn't access any of the RA config files, so it should work with anything that can just run a command line
    and pass the IP info. But I didn't use Turbo Basic like I used in past BBS utils, I used VB 4, so it's much more modern :)

    I have a couple tweaks to make, and I sent you a ZIP :)

    Great, I'll watch for it Kent.

    thanks

    Thanks go out to you :)

    Take care,
    Janis

    --- BBBS/Li6 v4.10 Dada-1
    * Origin: Prism bbs (1:261/38)
  • From mark lewis@1:3634/12 to Kent Timm on Thu Aug 21 01:51:30 2014

    While I don't run RA, I do get 'stuff' out there <g>. If
    you'd like me to send your file out in the utilnet fileecho,
    that would be really cool. It may be that at some point
    someone may look for just such a util?

    I did leave some provision to have it write log entries in other
    formats if somebody provides me with a log sample :) The main thing
    is just having the IP entry in a log never designed for internet
    use.

    are you saying it does something similar to this?

    ===== snip =====
    ---------- Wed 20 Aug 2014, OS2FD
    06:05:35 Caller online :
    06:05:35 Connect Settings : COM3 CONNECT 57600/ARQ/TEL_FROM_XX.XX.XX.XX
    06:05:35 Time to EVENT : 1069 minutes
    06:05:35 CID Information : N/A
    06:05:41 RA -e10 -N11 -b57600/ARQ/TEL_FROM_XX.XX.XX.XX -c3 -T1069

    ---------- Wed 20 Aug 2014, RA 2.63ß1+ line #11
    06:05:55.24 xxxxxxxxx on-line at 57600 BPS
    06:05:57.19 Security level 35, 120 mins today, 0 mins this session
    06:05:58.45 FYI - X:\RA\TXTFILES\WELCOME1 does not exist.
    06:05:58.46 FYI - X:\RA\TXTFILES\WELCOME2 does not exist.
    06:05:58.46 FYI - X:\RA\TXTFILES\WELCOME3 does not exist.
    06:05:58.47 FYI - X:\RA\TXTFILES\WELCOME4 does not exist.
    06:05:58.48 FYI - X:\RA\TXTFILES\WELCOME5 does not exist.
    06:06:11.00 FYI - X:\RA\TXTFILES\GROUP1 does not exist.
    06:06:27.04 Reading message area #0 : COMBINED
    06:06:31.25 Message #904 deleted
    06:07:06.61 FYI - X:\RA\TXTFILES\ONCEONLY does not exist.
    06:07:06.66 FYI - X:\RA\TXTFILES\08-20 does not exist.
    06:07:07.11 DOS shell : *c /c x:\ra\usraddrs.bat *N *Sinet *m
    06:07:15.37 DOS shell : *c /c x:\ra\doors\scrab.bat *d *m
    06:12:10.21 User requested to terminate the call
    06:12:13.45 TERMINAT.pas @38: UsersLoginDate = 08-20-2014
    06:12:13.45 UsersInfo.OldLastDate = 08-20-14
    06:12:13.45 UsersInfo.PrefixLastDate = 20
    06:12:13.45 User off-line
    06:12:18.89 Y2kDropFile boolean is "FALSE"
    06:12:18.89 USERSLastDate = ->08-20-2014<-
    06:12:18.89 EXITINFOinfo.PrefixLoginDate = ->20<-
    06:12:18.89 EXITINFOinfo.OldLoginDate = ->08-20-14<-
    06:12:18.89 USERSLastDate = ->08-20-2014<-
    06:12:18.89 First Date: ->06-12-2014<- Last Date: ->08-20-2014<- terminat
    06:12:18.90 Birth Date: ->05-30-1942<- Sub Date : -> - - <- terminat
    06:12:18 RA Exit Errorlevel 10
    06:12:19 Entering AFTERCALLER
    06:12:19 RABUSY.* does not exist. fixing USERON.BBS
    06:12:19 Entering NOCREDIT
    06:12:19 Updating GIGO user list
    06:12:19 Updating user stats bulletins
    ===== snip =====

    the first six line section and the last six lines are all written to my RA*N.LOG files by my monster 4DOS bat file... it parses the DOBBS*N.BAT file written by my frontdoor mailer as a data file and pulls the parts out for additional processing... you can see that the above is for a telnet connection... it also does the same thing with POTS dialup calls and the phone numbers presented by the caller-id in the CID field ;)

    )\/(ark


    * Origin: North American RemoteAccess Support 919-774-5930 (1:3634/12)
  • From Kent Timm@1:229/728 to mark lewis on Thu Aug 21 05:05:00 2014
    Kind of the same, but I just write one line, looks like a normal RA entry


    20-Aug 12:08:09 IP01 190.252.xx.xx Unknown

    20-Aug 12:08:21 RA01 Lost carrier

    20-Aug 13:00:59 IP01 213.37.xxx.xx

    20-Aug 13:01:11 RA01 [removed name] on-line at 57600 BPS
    20-Aug 13:01:14 RA01 Security level 30, 55 mins today, 0 mins this session
    20-Aug 13:03:45 RA01 Download [Zmodem] D:\CD\SCIFI\BORIS\BORIS50.GIF

    etc...
    Seems like NetFoss puts strangeness in the *R for resolved name sometimes, so I want to address that before I make it available. It's nothing fancy, just something I wanted in my logs.
    and the IP0n does change to reflect the *N

    --- RemoteAccess 2.62.1+
    * Origin: HoloDeck BBS telnet://kentsoftware.com London ON (1:229/728)
  • From mark lewis@1:3634/12 to Kent Timm on Fri Aug 22 09:00:33 2014

    Kind of the same, but I just write one line, looks like a normal RA
    entry

    as long as it does what you need it to do, it is great! ;)

    Seems like NetFoss puts strangeness in the *R for resolved name
    sometimes, so I want to address that before I make it available.

    if i might speak as a network security admin and specialist for a moment...

    do not trust dns resolved hostnames... by that, i mean that IPs can't be faked not and have the connection work... IPs are the only truth to where the connection is coming from... the resolved names can easily be faked if one has control over their DNS...

    to elaborate on that, i have systems trying to drop spam off here... some of them return "localhost" as the resolved name when i do a lookup... their intention is to confuse me and make me think that my own system is trying to do
    the spamming... some others return "." which doesn't say much of anything... i've seen other stuff, too, which just isn't right and shouldn't be being done... given some time, i can easily provide examples of IPs which you can lookup and see what they return ;)

    if it is possible to disable netfoss' hostname lookups, i would most likely do so... mainly to speed up the connection instead of having to wait on the rdns to complete... but also for the above reason... i learned that lesson not only from spammers but also others trying to hack into my web server years ago... they do the same thing and at the time i was recording the FQDN that was returned... i finally turned that off and started recording only IP numbers and
    the real culprits were revealed...

    It's nothing fancy, just something I wanted in my logs. and the
    IP0n does change to reflect the *N

    good deal :)

    )\/(ark


    * Origin: North American RemoteAccess Support 919-774-5930 (1:3634/12)
  • From Leslie Given@1:275/91.5 to Kent Timm on Fri Aug 22 17:09:00 2014
    * Kent Timm gave this bit of info to All:

    I just finished making a little program for RA that runs in the batch
    file just before RA loads, it writes to the BBS log the node number,
    and the IP and Host name of the caller as passed by command line
    to the batch file from NetFoss (or whatever you run as a front
    end)

    Hello, I'd be interested in having some way of seeing IP and host name in
    my RAnode.log. The only things running here are RemoteAccess and netserial.
    I have not had any luck getting some of my older door games working with netfoss. If your little program just works with netfoss maybe someone can
    point me in the right direction on how to get user IP/host into my log also.

    --- RemoteAccess 2.62.1+
    * Origin: Cosmo's Castle * ccbbs.zapto.org (1:275/91.5)
  • From Kent Timm@1:229/728 to mark lewis on Fri Aug 22 20:03:00 2014
    Thanks for the info on the DNS lookup. I will keep that in mind when watching odd activity. I believe Netfoss can disable the DNS lookup, but it doesn't seem
    to take long to do when I've been watching it. Interestingly (to me at least) when I telnet to the BBS from my main computer, it resolves the name for
    it within my lan.

    I also run a webserver and have seen a few hack attempts, like stuff trying to access default paths for mysql and php, which are not installed since I have no
    need for them. I was going to try adding a mailserver also (hmailserver for windows) but it was driving me crazy and decided to just leave my email going the register forwarders. I figured I have enough hobbies without adding a mail server and watching it for spam. (ie I'd rather work on my model trains and ham radio stuff than fight spammers :)

    --- RemoteAccess 2.62.1+
    * Origin: HoloDeck BBS telnet://kentsoftware.com London ON (1:229/728)
  • From mark lewis@1:3634/12.71 to Kent Timm on Sat Aug 23 11:54:20 2014

    On Fri, 22 Aug 2014, Kent Timm wrote to mark lewis:

    Thanks for the info on the DNS lookup. I will keep that in mind
    when watching odd activity. I believe Netfoss can disable the DNS
    lookup, but it doesn't seem to take long to do when I've been
    watching it. Interestingly (to me at least) when I telnet to
    the BBS from my main computer, it resolves the name for it within
    my lan.

    yeah, i guess you have some type of DNS or hosts file stuff in place for your local LAN names to be resolving... i do here for the dozen or so machines running on this network... it is SOP for my installations ;)

    I also run a webserver and have seen a few hack attempts, like stuff
    trying to access default paths for mysql and php, which are not
    installed since I have no need for them.

    yeah, that's common... skidiots running scripts trying to find ways into a system... i see them all the time on my static pages... it is funny but after a
    while it gets old... this is one of the reasons why my perimeter firewall has active response protections in operation and blocks those IPs as soon as the violation(s) are detected... it even blocks attempts to connect to ports for services that aren't running here (eg: MSSQL) ;)

    I was going to try adding a mailserver also (hmailserver for
    windows) but it was driving me crazy and decided to just leave my
    email going the register forwarders. I figured I have enough
    hobbies without adding a mail server and watching it for spam.
    (ie I'd rather work on my model trains and ham radio stuff than
    fight spammers :)

    any mail server being run today pretty much requires that spam, virus and malware detection be part and parcel of the install... my mail server has such as well as the added of my active response protections which detect things like
    a system being rejected for spam because they are listed in a spam block database somewhere... there's many things that i'm glad those protections monitor for... even attempts at trying to log into an account too many times with failures get blocked... and definitely don't try to scan my system because
    you will be blocked :lol:

    )\/(ark

    Good security is not something you have, it's something you do.

    --- FMail/Win32 1.60
    * Origin: (1:3634/12.71)
  • From mark lewis@1:3634/12 to Leslie Given on Sun Aug 24 15:03:20 2014

    * Kent Timm gave this bit of info to All:

    I just finished making a little program for RA that runs in the batch
    file just before RA loads, it writes to the BBS log the node number,
    and the IP and Host name of the caller as passed by command line
    to the batch file from NetFoss (or whatever you run as a front
    end)

    Hello, I'd be interested in having some way of seeing IP and host
    name in my RAnode.log. The only things running here are RemoteAccess
    and netserial.

    netserial is like the vmodem virtual modem tool used over here... vmodem reports the remote IP in the connect message that is fed to the bbs...

    eg: CONNECT 57600/ARQ/TEL FROM 93.217.33.52

    if netserial has this capability, you should enable it if it is an option... since i don't run RA barefoot over here, i can't really test and see how RA would handle it...

    FD processes the connect string and replaces those spaces between TEL and FROM and the IP with underscore '_' characters... if the connection is on a POTS line and one has caller-id turned on, the next part of the above would be the caller-id stuff with its linebreaks changed into equal '=' signs... this makes it easier to pass on to the exebbs.bat file where later parsing of the data may
    take place...

    I have not had any luck getting some of my older door games
    working with netfoss. If your little program just works with
    netfoss maybe someone can point me in the right direction on
    how to get user IP/host into my log also.

    it is gonna have to be in your virtual modem or fossil software... AIUI, there's nothing else between the caller and the bbs that has access to that information...

    )\/(ark


    * Origin: North American RemoteAccess Support 919-774-5930 (1:3634/12)
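
An added example, not code from any poster in this thread and not Kent's utility: Python that pulls the caller IP out of the connect string in either the vmodem form or the FrontDoor underscore form described above, validates it, and builds a one-line entry in the layout Kent showed, with the resolved name treated as untrusted as mark advises. The function names, the hostname rule and the constructed inputs are assumptions.

```python
import ipaddress
import re
from datetime import datetime

# "/TEL FROM <ip>" as vmodem reports it, or "/TEL_FROM_<ip>" after FrontDoor
# has replaced the spaces with underscores.
TEL_FROM = re.compile(r"/TEL[ _]FROM[ _]([0-9A-Fa-f.:]+)")
# Characters a hostname may legitimately contain; anything else is rejected.
HOSTNAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*")

def caller_ip(connect):
    """Return the caller's IP as text, or None if it is not a real address."""
    m = TEL_FROM.search(connect)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group(1)))
    except ValueError:
        return None  # masked or malformed: never log it as an address

def safe_host(rdns, ip):
    """Keep the reverse-DNS name only as an annotation the log can hold safely.
    The name is chosen by whoever controls the caller's DNS, so control
    characters (forged log lines), "." and a remote "localhost" all collapse
    to the "Unknown" marker."""
    name = rdns or ""
    if len(name) > 253 or not HOSTNAME.fullmatch(name):
        return "Unknown"
    remote = not ipaddress.ip_address(ip).is_loopback
    if remote and name.lower().rstrip(".") == "localhost":
        return "Unknown"
    return name

def log_entry(node, connect, rdns, when):
    """Build 'DD-Mon HH:MM:SS IPnn <ip> <host>', or None without a valid IP."""
    ip = caller_ip(connect)
    if ip is None:
        return None
    stamp = when.strftime("%d-%b %H:%M:%S")
    return f"{stamp} IP{node:02d} {ip} {safe_host(rdns, ip)}"

if __name__ == "__main__":
    # Constructed inputs: the connect string from the thread plus made-up names.
    t = datetime(2014, 8, 20, 12, 8, 9)
    for host in ("localhost", ".", "pool.example.net", "x\r\n20-Aug 12:08:10 RA01 fake"):
        print(log_entry(1, "CONNECT 57600/ARQ/TEL FROM 93.217.33.52", host, t))
```

The IP is the field to search and block on; the name column is there for convenience only and should not drive any decision.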