Notice: Well, I have been using Protus
connection filters for a long time now.
At first, it was the version 3.1/1.2 for DosFBB515c
and, later, version 3.3 for Dos/WinFBB700. I have
found Protus as very useful utility because of its
implementation of automated BBS-to-BBS
forwarding protection, using MD2 algorithm.
One of the reasons to cover Protus
in this document is the fact that its author
haven't made a manual in English yet. I keep
trying to translate original manuals
from Spanish into English, but it is a hard work.
Any good 'spanish-to-english'
translator is welcomed to contact me:
m.skoric@eunet.yu.
Protus offers several interesting features:
It can send a presentation message to
all users, informing about possibility
to make users' access more safe,
It can send messages to users who have
usual, non-restricted access, informing about
utility's existence,
It can send messages to users who have no
valid access (before disconnecting them),
It can send messages to new users who have
connected the BBS for the first time, informing
them about the password utility.
It can send messages to users who have entered
wrong password (before disconnecting them),
It can inform sysop about almost everything
related to users' connections (new user on
the system, unsuccessful connections etc),
Messages mentioned above could be translated
into various languages and used similarly as various
language files that FBB system use,
Messages mentioned above could be different
for different BBS ports,
Protus could be activated/deactivated at various
intervals of time using CRON.SYS system file,
Passwords could be managed remotely, using an
external server, developed by Jose EB5IVB,
...
Well, let's see what should be done in order to
implement secure access to the FBB packet
radio BBS, using Protus type of, so called, c_filter:
Users of Dos/WinFBB versions of Protus
already know that it is needed to create a new
directory \FBB\PROTUS where several
*.PRT files should be placed. In addition, the
main C_FILT*.DLL files should be copied
into \FBB\BIN directory, as well as a couple
of "system", (i.e. config) *.PRT files that are going to
be within \FBB\SYSTEM directory.
After the sysop has copied all files into
their proper locations, it is needed to make
some configuration. The most important files
are two "system" ones: CONFIG.PRT and
USERS.PRT that should be carefully
adopted to any particular situation. Other *.PRT
files will work as they are in original, but they may
be translated because they are originated
in Spanish (those files are just the parts of
information that are sent to users who
connect to the BBS). For your information,
I usualy don't care much about, because my
BBS's are so called "open systems". It means
they work quite normal for all users in the
same way as they worked before
implementing Protus. Only a couple of callsigns
have password installed and, when connecting,
they know what they are doing, so, they don't need
any additional info. Your mileage may vary.
So far - so good. After everything mentioned has
been done, you have to restart your FBB in order
for Protus utility to be activated. In all
connections to your BBS (including console),
you should see a line like this: {PROTUS-4.0}
just after the well known line [FBB-7.00-AB1FHMRX$]. It
only gives an information that Protus is active on the
system. Users of your BBS who don't have
their passwords, connect just normally as before.
Users who's callsigns have password implemented,
are prompted for password just after their connections.
The author of Protus, Jesus EB5AGF, has made
several working "modes" of its utility. It
is possible for users to have various kinds
of passwords: a fixed phrase (similar as those you
are used to when connect to the Internet
via telephone line, but this way the phrase
can be masqueraded within the longer answer);
a changeable answer to the 5 random numbers (just
like usual FBB sysop's password); a mode
that uses automatic answer from user's client
packet programs; implementation of MD2 and
MD5 algorithms; FBB-to-FBB automatic
protection etc. FYI, my WinFBB is equipped
with 16-bit Protus 4.0 (13 August 1999).
There is also a 32-bit module of the same date
that would be called from within 32-bit WinFBB
(I haven't tested those 32-bit applications).
Well, the situation regarding working location
of Protus files under LinFBB is somewhat different.
I have become familiar to the directory structure
that DosFBB and WinFBB versions of Protus have
been using, so I considered that it was enough
to implement the same directory structure when
I started the installation of Protus under LinFBB.
It was wrong. After having pulled out the
remaining hair, the things started to work, so,
now I am going to tell you what to do.
I have already told you that I have been running
here both WinFBB under Windows NT and LinFBB
under Linux (see also Linux+WinNT mini-HOWTO
and Lilo mini-HOWTO). That means all Protus
stuff has already been installed in a way WinFBB has
required, except Linux executable of
c_filter file. I put that one file into /fbb/bin
directory and, after the next restart of LinFBB, I got the
info mentioned above: {PROTUS-4.0}. But the
password protection was not likely to work.
I was told by the author to make a new directory
/var/ax25/fbb/protus and put *.PRT files there.
I didn't move files from \FBB\PROTUS
but rather copied them into the new location,
because I wanted Protus to continue working under WinFBB
as before. The utility still didn't want to run, unless I
also copied additional two *.PRT files from
\FBB\SYSTEM to the same new location
(/var/ax25/fbb/protus). After I did that, Protus
became functional.
Well, I suppose, the above info would be
useful for those of you who intend to run
*both* Windows and Linux FBB's on the same machine.
For the majority of LinFBB-only users, it is just
important to make /var/ax25/fbb/protus
where all *.prt files should be placed.
Only c_filter executable should go to
/fbb/bin and that's it.
About FBB-to-FBB protection: *both* partners
have to install Protus. Password for the
forwarding partner's callsign must be the
same at *both* sides of the link. The versions
of Protus don't need to be the same (neither
the versions of FBB, neither the operating
systems, HI!). Anyway, MD5 algorithm will only
work if both parties have Protus 4.x and
above (I still don't use that, but it is not
a problem, because my two boxes, DosFBB-Protus3.3 and
WinFBB/LinFBB-Protus4.0, make all things OK with MD2).
One of the interesting features of Protus is to
log unsuccessful connections. Due to the
different locations of *.prt files here, I have
separate logs for WinFBB and LinFBB "c_filtering".
Those of you who are going to run only one operating
system and appropriate version of FBB, will have one
complete log of connection errors, users make when try to
connect your BBS.
As it was told earlier, if you implemented
password protection for only some of your
users (but not for all of them who connect
normally) - your system is considered as
the "open" one. It means that will be logged
only unsuccessful tries to enter the system
by "protected" callsigns. But, if you decided
that your BBS can be accessed by only those
callsigns who have Protus password, that
means your system is the "closed" one.
Then, there is no way a user could enter your
FBB unless its callsign has given a password
within your Protus. Any unauthorized try to
connect your BBS is also logged.
In addition, you may decide to have a "guest"
access or a "read-only" as default for
some BBS's access ports and/or for users who enter
the wrong password. Many combinations are possible.
You could even password protect your own FBB console!
To finish with this topic for now, just to
inform you that my X11 LinFBB is equipped
with Protus v4.1b7 (15 February 2000). It
has some minor bugs, for example, it logs
incoming connections with a SSID of -48 if
a user doesn't have a SSID at all (of course,
in such case a SSID of -0 would be expected).