bbs100

By default, a bbs100 BBS runs at port 1234. This means that users can log in by doing 'telnet bbs.yoursite.com 1234', and they always have to specify the port number, '1234'. When they do 'telnet bbs.yoursite.com' without the port number, they are presented with a login prompt and can log in as a Unix user on your system (if they have a login account, and if you have telnetd running).
Because of all kinds of nasty security issues, most system administrators nowadays disable telnetd and demand that their users use 'ssh' to connect to their systems. This leaves the default telnet port (port 23) unused, a perfect opportunity to run your BBS on the default telnet port!

READ ON BEFORE DOING ANYTHING STUPID

The default telnet port is port 23. In Unix, all port numbers below 1024 are reserved for the operating system and can only be used by a privileged user, normally the root user (uid 0). What you should not, I repeat, NOT do is run bbs100 at port 23 as root. The bbs100 program is capable of doing the job, but there is a risk that your machine will be hacked by a malicious person out there on the internet. The bbs100 code should be safe, but it cannot be guaranteed that it is.

What to do instead? The answer is simple: you can run a so-called port redirector at port 23 and have it redirect all incoming connections at port 23 to port 1234, where you run bbs100 under the 'bbs' userid.

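Example /etc/inetd.conf:

# comment out the standard telnet line
###telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  telnetd

# redir entry for bbs100
# (inetd passes the words after the program path as argv, starting with argv[0],
# so the program name is repeated before the options)
telnet stream  tcp     nowait  root    /usr/bin/redir redir --inetd --laddr 0.0.0.0 --lport 23 --caddr localhost --cport 1234 --transproxy --syslog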
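
An added example, not part of the original page or of bbs100: a small shell check that an inetd.conf follows the setup above (telnetd disabled, port 23 forwarded to the BBS port). It assumes the classic inetd field layout, in which the words after the program path begin with argv[0]; the function name audit_inetd and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example. audit_inetd FILE PORT: print one finding per line for the
# "telnet" (port 23) service in an inetd.conf; return 1 if anything FAILs.
audit_inetd() {
    awk -v port="$2" '
    /^[ \t]*#/ || NF == 0 { next }   # skip comments (such as ###telnet) and blanks
    $1 != "telnet"        { next }   # only the port-23 service matters here
    {
        seen = 1
        cmd = ""
        for (i = 6; i <= NF; i++) cmd = cmd $i " "   # program plus its argv
        if (cmd ~ /telnetd/) {
            print "FAIL: telnetd is still enabled on port 23"; bad = 1
        } else if (cmd !~ ("--cport[ =]" port " ")) {
            print "FAIL: telnet entry does not forward to port " port; bad = 1
        } else if ($7 ~ /^-/) {
            print "FAIL: argv[0] missing, first option " $7 " would be lost"; bad = 1
        } else if ($5 == "root") {
            print "WARN: redirector runs as root"
        }
    }
    END {
        if (!seen) { print "FAIL: no active telnet entry"; bad = 1 }
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed sample: telnetd commented out, redir forwarding to port 1234.
sample=$(mktemp) || exit 1
cat > "$sample" <<'EOF'
###telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  telnetd
telnet  stream  tcp  nowait  root  /usr/bin/redir redir --inetd --caddr localhost --cport 1234 --transproxy --syslog
EOF
audit_inetd "$sample" 1234 || echo "inetd.conf needs fixing"
rm -f "$sample"
```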

Fearlezz says: If you have a Linux system with ipchains (Linux kernel 2.2), you can do the following:

ipchains -I input 1 -d <interface-ip> 23 -p 6 -j REDIRECT 1234

and you will be able to see where a user connected from. This is a far better setup than using redir.

Victor Martinez says: If you have a Linux system with iptables (Linux kernel 2.4), use:

iptables -t nat -A PREROUTING -p tcp -d <interface-ip> --dport 23 -j REDIRECT --to-port 1234

Have fun playing with redirection. A nice thing about redirection is that you can actually put the BBS on another machine; for example, on an internal network. You can also combine this setup with the SSH setup.

You can get the source of the redir program at: http://sammy.net/~sammy/hacks/.
The author of bbs100 is not responsible for any security leaks in the redir program.


If you really must, you can contact the author at walter at heiho dot net