avoid ignore on botnet

[CrazyCat]

hi there,
I've a small trouble with my hub:
10 eggdrops are running on my shell, one of them is hub.
When the pc reboots, they all try to reconnect to the hub at the same time, so the hub sets an ignore on -telnet!telnet@LOCALHOST
how can I avoid this? any special flag or option in the .conf ?

thanx a lot

[Papillon]

# Define here how many telnet connection attempts in how many seconds from
# the same host constitute a flood. The correct format is Attempts:Seconds.
set telnet-flood 5:60


might be what u are looking for..

[ppslim]

Another option (probably the best), is to change the times each bot is loaded.

If using a crontab - load one 1 bot each min.

Yes, it will take 10 mins for them all to come online, but it prevents flooding.

That or using a combination of the flood setting, and laucning the bots in smaller groups.

[CrazyCat]

all right, using the set telnet-flood $nb:60 where $nb = number of eggdrops +1

but it's a big security hole: the flood limit may be to high if there are a lot of eggdrops on the same machine...

perharps may I create a small tcl to reduce this risk

If I do, be sure I'll transmit it

[ppslim]

I have been good, and produced a nice, 1 line script, to cater for this.

First, change the value of telnet-flood to somthing high. IE, in your example, "<NB>:60" (number of bots plus 1)

Code: Select all

utimer 30 [list set telnet-flood 3:10]

Place that at the base of your config file, changing the 3:10 to your own figure.

This will allow for a 30 flood period at the startup, .rehash, .reload and any time the config file is re-read.

Just long enough for anything to pass, with a buffer.

It will then, reduce the threat.