I have a new node which is trying to connect to my system using binkp.
I am able to connect to his fine, and send/receive mail. His
attempted inbounds are not showing up on my syslog or even in the
terminal window where sbbs is running. He is connecting, per his end.
Mar 30 20:26:58 Connecting to capitolcityonline.net:24554 port 24554
I have a new node which is trying to connect to my system using binkp. I am able to connect to his fine, and send/receive mail. His attempted inbounds are not showing up on my syslog or even in the terminal window where sbbs is running. He is connecting, per his end.
Mar 30 20:26:58 Scanning 1:2320/105
Mar 30 20:26:58 Queued 1 files (588 bytes) to 1:2320/105
Mar 30 20:26:58 Polling BINKP node 1:2320/105 (Mike Powell) by IPV4
Mar 30 20:26:58 Connecting to capitolcityonline.net:24554 port 24554
Mar 30 20:26:58 Connected IPV4 to 67.131.57.133
Mar 30 20:26:58 Connection lost
Mar 30 20:26:58 Authorization failed
Mar 30 20:26:58 Polled 0 nodes
He is using mystic. Only thing I can figure is that his IPA might be blocked here, but it is not in my ip silent file, and nothing is in my ip.can file. Plus I am not seeing a "blocked" message in the log on on the screen, either. Is there someplace else synchronet stores blocked addresses?
I have a new node which is trying to connect to my system using binkp.
I am able to connect to his fine, and send/receive mail. His
attempted inbounds are not showing up on my syslog or even in the
terminal window where sbbs is running. He is connecting, per his end.
Looks like that to me too.. if I telnet to capitolcityonline.net on port 24554 I connect but immediately get "connection closed by foreign host"
Mar 30 20:26:58 Connecting to capitolcityonline.net:24554 port 24554
Looks like that to me too.. if I telnet to capitolcityonline.net
on port 24554 I connect but immediately get "connection closed by
foreign host"
FWIW, I tried it, and it worked for me - I saw the familiar OPT CRAM-MD5-...
...deon
I have a new node which is trying to connect to my system
using binkp. I am able to connect to his fine, and
send/receive mail. His attempted inbounds are not showing
up on my syslog or even in the terminal window where sbbs
is running. He is connecting, per his end.
Looks like that to me too.. if I telnet to
capitolcityonline.net on port 24554 I connect but
immediately get "connection closed by foreign host"
I have a new node which is trying to connect to my system
using binkp. I am able to connect to his fine, and
send/receive mail. His attempted inbounds are not showing
up on my syslog or even in the terminal window where sbbs
is running. He is connecting, per his end.
Looks like that to me too.. if I telnet to
capitolcityonline.net on port 24554 I connect but
immediately get "connection closed by foreign host"
that seems reasonable since you don't manually send the data
required... i set a poll for my binkd and was able to connect without problems... blank lines added to the below to avoid wordwrap hell...
for some reason, the above doesn't look right... it looks like they have the po
t tacked onto the end of your domain as well as having the port defined in thei
record for your system...
Trying 67.131.57.133...
Connected to capitolcityonline.net.
Escape character is '^]'.
Connection closed by foreign host.
I don't know why that happens.
He is using mystic. Only thing I can figure is that his IPA might be
blocked here, but it is not in my ip silent file, and nothing is in my
ip.can file. Plus I am not seeing a "blocked" message in the log on on the >> screen, either. Is there someplace else synchronet stores blocked addresses?
Nope. Maybe you have a system firewall or gateway device that is filtering his >onnectons?
You are on PDT, right? I'd like to check my logs.
Trying 67.131.57.133...
Connected to capitolcityonline.net.
Escape character is '^]'.
Connection closed by foreign host.
I don't know why that happens.
Hmmm... do you happen to remember the time and date that you did that?
You are on PDT, right? I'd like to check my logs.
On 03-31-20 17:24, Dumas Walker wrote to RAMPAGE <=-
for some reason, the above doesn't look right... it looks like they have the
po
t tacked onto the end of your domain as well as having the port defined in
thei
record for your system...
It is mystic. I have asked him about that and apparently he includes
the port on all of his connections. I have never tried using mystic's binkp to connect to a system on the standard port so I am not sure
whether he really should or not?
No it does not. Nothing beginning with 104. is anywhere in my /sbbs/text
ip.can or ip silent file. I did add you to my /sbbs/ctrl ipfilter exempt file
so we will see what that does if you are willing to try again.
Trying 67.131.57.133...
I just tried agian with the same result. Is that the right IP address?
My IP is 104.246.155.40, do you see that in your log?
My BBBS mailer is similar to Mystics mailer. It just fails and doesn't give any
indication of why, I don't think it knows why.
alan@trmb:~$ telnet capitolcityonline.net 24554 Trying 67.131.57.133... Connected to capitolcityonline.net. Escape character is '^]'.
Connection closed by foreign host.
So I think I did connect breifly before the connection was closed.
can you try running tcpdump and capturing the session? something like
this should work...
can you also post a traceroute to 67.131.57.133?
sorry i couldn't bring better news...
can you try running tcpdump and capturing the session? something like
this should work...
I did and the resulting file is in cco-pcap.zip in your inbound.
I did telnet capitolcityonline.net 24554,
24554 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=225677907TSecr=0 WS=128
37902 [SYN, ACK] Seq=0 Ack=1 Win=7240 Len=0 MSS=1460 SACK_PERM=1TSval=3612730178 TSecr=225677907 WS=1
24554 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=225678014 TSecr=3612730178
37902 [FIN, ACK] Seq=1 Ack=1 Win=7240 Len=0 TSval=3612730275 TSecr=225678014
24554 [FIN, ACK] Seq=1 Ack=2 Win=29312 Len=0 TSval=225678113TSecr=3612730275
37902 [ACK] Seq=2 Ack=2 Win=7239 Len=0 TSval=3612730370 TSecr=225678113
again on port 23,
23 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=225683811 TSecr=0WS=128
23 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=225683908 TSecr=3612736072
and again on port 7636 and reached his other BBSs login, then I justclosed the connection.
sorry i couldn't bring better news...
Hello Rampage,
sorry i couldn't bring better news...
You've been very helpful.
Dumas put up binkd on another port and I was able to connect without issue using both telnet and a binkp mailer session.
That sounds to me like Synchronet/BinkIT is silently dropping the connection without logging?
Is there a way to test that theory?
That sounds to me like Synchronet/BinkIT is silently dropping the
connection without logging?
Is there a way to test that theory?
Maybe the port is the key, switch the ports around between binkd and BinkIT and see what changes.
Dumas put up binkd on another port and I was able to connect without
issue using both telnet and a binkp mailer session.
That sounds to me like Synchronet/BinkIT is silently dropping the connection without logging?
Is there a way to test that theory?
so the task moves back to the remote side to figure out why it is terminating t
ose connections to its binkp and telnet ports... it could be the software on th
se ports but it is still possible that they are being filtered/blocked before t
e software even sees the traffic... especially since the software is not record
ng the transaction and subsequent dropping of the connection... i'm starting to
suspect the ISP may be filtering port 24554 and port 23 but others are able to >onnect to those ports so that doesn't make sense... unless there is some sort o
region blocking on certain inbound ports... i do note that the IP is owned by
enturylink not that that really means much, though...
sorry i couldn't bring better news...
Thank you for your help. Dumas now knows where to look.. :)
Well, not really. I was thinking maybe one of the hops would be in myip-silent.can but none of them are.
Re: does binkit log failed in
By: Dumas Walker to AL on Thu Apr 02 2020 15:46:00
Well, not really. I was thinking maybe one of the hops would be in my ip-silent.can but none of them are.
router hops are not recorded in the packets so they won't be recorded in any blocking software... it is only the originating IP that you should be looking for...
Well, not really. I was thinking maybe one of the hops would be in
my ip-silent.can but none of them are.
The issue was root-caused to bad syntax in the sysop's
text/ip-silent.can file. The line ".46~" matched (and silently
dropped connections from) the problem IP addresses, unintentionally.
So yeah, the TCP connections were reaching SBBS and being silent disconnected.
So yeah, the TCP connections were reaching SBBS and being silent disconnected.
i'm glad you found it... that's why you get paid the big sbbs bucks :)
Ha! :-)
The issue was root-caused to bad syntax in the sysop's text/ip-silent.can file.
The line ".46~" matched (and silently dropped connections from) the problem IP >ddresses, unintentionally.
So yeah, the TCP connections were reaching SBBS and being silent disconnected.
my next step was going to be to ask to see the ip.can and ip-silent.can files..
i mean, if it wasn't the firewall or the ISP, it had to be local...
i can't even imagine what one would be trying to block with that particular ent
y...
The issue was root-caused to bad syntax in the sysop's text/ip-silent.can file.
The line ".46~" matched (and silently dropped connections from) the problem IP >ddresses, unintentionally.
So yeah, the TCP connections were reaching SBBS and being silent disconnected.
I have one other syntax related question. There is a note in the *.can files that says:
Wildcard characters (*, ^, ~) are allowed and ! negates the match
If I would have added an entry for Al and Beery's IPAs starting with a '!' in the ip-silent.can file, would that have allowed them in even though they were covered (accidentally) by my bad syntax?
I did not try it, since you helped me fix the root problem, but I wondered what that would have done.
Dumas Walker wrote to RAMPAGE <=-
my next step was going to be to ask to see the ip.can and ip-silent.can files..
I was trying to block all IPAs starting with '46.' because I had
a lot of trouble with that one. For some reason, I thought the
'~,^,*' were interchangable and was using the tilde. Wrong! :D
No. Since their IP matched one of your lines (rules), they would still have bee
filtered.
There's really nothing you could have added to exclude their specific IP addres
es since they matched that more general rule you had.
No. Since their IP matched one of your lines (rules), they would still have bee
filtered.
There's really nothing you could have added to exclude their specific IP addres
es since they matched that more general rule you had.
Good to know. Under what circumstances would the '!' entries be of use for?
Good to know. Under what circumstances would the '!' entries be of use for?
Depends on which .can/cfg file you're referring to, but for ip*.can, let's say >ou only wanted to accept connections from 192.168.*. You could have a single li
e, "!192.168.*" which would filter/block everything *but* the IPs you trusted.
| Sysop: | sneaky |
|---|---|
| Location: | Ashburton,NZ |
| Users: | 31 |
| Nodes: | 8 (0 / 8) |
| Uptime: | 16:00:00 |
| Calls: | 2,095 |
| Calls today: | 2 |
| Files: | 11,142 |
| Messages: | 949,439 |