By default, a bbs100 BBS runs on port 1234. This means that users log in with 'telnet bbs.yoursite.com 1234' and always have to specify the port number, '1234'. When they do 'telnet bbs.yoursite.com' instead, they are presented with a login prompt and can log in as a Unix user on your system (if they have a login account, and if you have telnetd running).
Because of all kinds of nasty security issues, most system administrators nowadays disable telnetd and demand that their users use 'ssh' to connect to their systems. This leaves the default telnet port (port 23) unused, a perfect opportunity to run your BBS on the default telnet port!
The default telnet port is port 23. In Unix, all port numbers below 1024 are reserved for the operating system, and can only be used by a privileged user, normally the root user (uid 0). What you should not, I repeat, NOT do, is run bbs100 on port 23 as root. The bbs100 program is capable of doing the job, but there is a risk that your machine will be hacked by a malicious person out there on the internet. The bbs100 code should be safe, but it cannot be guaranteed that it is.
What to do instead? The answer is simple: you can run a so-called port redirector on port 23, and have it redirect all incoming connections on port 23 to port 1234, where you run bbs100 under the 'bbs' userid.

    # comment out the standard telnet line
    ###telnet stream tcp nowait root /usr/sbin/tcpd telnetd
    # redir entry for bbs100
    telnet stream tcp nowait root /usr/bin/redir --inetd --laddr 0.0.0.0 --lport 23 --caddr localhost --cport 1234 --transproxy --syslog

Fearlezz says: If you have a Linux system with ipchains (Linux kernel 2.2), you can do the following:

    ipchains -I input 1 -d <interface-ip> 23 -p 6 -j REDIRECT 1234

and you will be able to see where a user connected from. This is a far better setup than using redir.

    iptables -t nat -A PREROUTING -p tcp -d <interface-ip> --dport 23 -j REDIRECT --to-port 1234

Have fun playing with redirection. A nice thing about redirection is that you can actually put the BBS on another machine; for example, on an internal network. You can also combine this setup with the SSH setup.
You can get the source of the redir program at: http://sammy.net/~sammy/hacks/.
The author of bbs100 is not responsible for any security leaks in the redir program.
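
Whichever redirection method you use, bbs100 itself should end up listening on port 1234 under the unprivileged 'bbs' userid, never as root. The check below is an added example, not part of the bbs100 documentation; it assumes Linux and text in /proc/net/tcp format, and the function names, sample rows and uid 1001 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bbs100 docs): verify that the BBS listener
# is not owned by root. Input is text in Linux /proc/net/tcp format, where
# column 4 is the socket state (0A = LISTEN) and column 8 the owning uid.

# Print the uid of every LISTEN socket on TCP port $1 (table on stdin).
listener_uids() {
    hexport=$(printf '%04X' "$1")              # 1234 -> 04D2
    # The leading ":" keeps awk from reading hex such as 1E10 as a number.
    awk -v p=":$hexport" '
        $1 ~ /^[0-9]+:$/ && $4 == "0A" {       # data rows in LISTEN state
            # local_address is HEXADDR:HEXPORT; compare its last 5 chars
            if (toupper(substr($2, length($2) - 4)) == p) print $8
        }'
}

# Exit status: 0 = listener found and none runs as uid 0,
#              1 = a listener is owned by root,
#              2 = nothing is listening on the port.
check_bbs_listener() {
    uids=$(listener_uids "$1")
    [ -n "$uids" ] || return 2
    for u in $uids; do
        [ "$u" -ne 0 ] || return 1
    done
    return 0
}

HDR='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode'
# Constructed sample: bbs100 on 1234 as uid 1001 (hypothetical bbs user), sshd on 22.
SAMPLE_OK="$HDR
   0: 00000000:04D2 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 20001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1"
# Constructed sample: the setup to avoid, a root-owned listener on 1234.
SAMPLE_ROOT="$HDR
   0: 00000000:04D2 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20003 1"

# Demo on the constructed data; on a live host run:
#   check_bbs_listener 1234 < /proc/net/tcp
for s in "$SAMPLE_OK" "$SAMPLE_ROOT"; do
    if printf '%s\n' "$s" | check_bbs_listener 1234; then
        echo "port 1234: listener runs unprivileged"
    else
        echo "port 1234: root-owned or missing listener"
    fi
done
```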