Figuring out a way to leverage fail2ban with terminal services

BBS:      TELESC.NET.BR
Assunto:  Figuring out a way to leverage fail2ban with terminal services
De:       Winzlo
Data:     Sat, 2 May 2026 20:57:34 -0500
-----------------------------------------------------------
The bots have arrived.  :/  I'm now watching as my BBS gets taken over by telnet connections, some try to use a username during the matrix menu, others just sit there tieing up the line/node until the 60 second timeout that I imposed.  Despite this, I've got a real "squatter" problem to tend to, with two potential solutions - either change my BBS's telnet port off 23 and risk this happening again, or run something like fail2ban to block these connections from repeating.

I've also configured pfSense to only allow 2 concurrent connections, with no more than 5 burst sessions throttling back to 2.  This did reduce the issue from happening many times a day to only a couple times a day, but it didn't knock it out.  That's where fail2ban comes into play.

The issue I'm encountering is that I have my log level set to Info, and yet I have not found an obvious way to determine "BBS got an incoming connection from IP x.x.x.x".  Combining that entry with a line in hack.log and/or hangup.log would make this a breeze.  Is there an option I haven't spotted that would either allow this to happen, or allow some kind of logging that fail2ban cuold trap on to detect these kinds of attaacks?

-Winzlo

===
 The Down-Lo BBS  bbs.winzlo.com

...A celebrity is a person who is known for his well-knownness.
--- SBBSecho 3.37-Linux
 * Origin: The Down-Lo BBS * bbs.winzlo.com (1:154/140)
n  mSynchronetn  hgVertrauen n hHome of Synchronet n gh[vert/cvs/bbs].synchro.net

-----------------------------------------------------------
[Voltar]