PC Micro Presents:
-= Net2BBS Telnet Server =-
May 1, 2017
Net2BBS is a small yet powerful console Windows Telnet Server which
is bundled as part of the freeware NetFoss FOSSIL driver package.
Net2BBS has the following features:
* Very small footprint, NET2BBS.EXE is only a few Kbytes in size.
* Very fast, Net2BBS is written entirly in MASM32 SDK Assembler.
* Configurable Node support, up to 256 nodes.
* Logs IP's and HostNames of connections to screen and file.
* Allows defining an IP/hostname block list, supporting wildcards.
* Detects portscanners, preventing them from accessing the BBS.
* Detects IP hammering, and temporarily blocks offending IP's.
* Allows blocking IP addresses listed on multiple DNS Blacklists.
* Allows blocking IP addresses by Country.
* Prevents denied IP's from reconnecting using a firewall technique.
* Multimedia support: plays login.wav and logoff.wav if found.
* Semaphore support: Prevents BBS access while a semaphore file exists.
* Pseudo Nodes allow multiple BBS software to share the NetFoss nodes.
* Supports all NT versions of Windows including 10 and Server Core.
* Runs as a Console Application or as a Service.
* Allows sysop to view BBS nodes, even when running as a service.
* A classic Console mode text interface.
* Includes a simple Socket Policy Server, compatible with Flash
* Open Source (MASM32).
Portscanner detection and Accept refusal
Net2BBS uses an advanced accept refusal technique to minimize traffic from
undesirable clients, such as portscanners and botnets.
Once a portscanner has been detected, or a client fails the DNSBL tests or
is already listed in the killlist blockfile, their IP address is added to a
temporary cache of IP's to firewall. If these IP's attempt to reconnect,
Net2BBS will refuse to respond at all until they are no longer in the cache.
However, the failed attempts are still written to the log.
The cache is circular, so once it fills up the new IP's added to it will
overwrite the oldest ones. By default, IP addresses added to the cache will
be automaticly removed after 2 hours but this can be adjusted by setting
the CacheTime= setting in the Net2BBS.ini. I.E.: CacheTime=60 for 1 hour
or CacheTime=0 to never remove it.
Editing the NET2BBS.INI Configuration file
Net2BBS needs to be configured before it will function. This is done by
creating or editing a configuration file. You can specify the name of the
configuration .INI file to load when Net2BBS is run from a Command Line.
If no filename is specified, NET2BBS.INI will be selected by default.
If Net2BBS is configured as a service, it will automatically try to open
NET2BBS.INI. When running as a service, no other filename can be selected.
A NET2BBS.SAMPLE.INI is included in the distribution archive, which you
can rename or copy to NET2BBS.INI before you edit it.
When you run Net2BBS, you can press [C] to Configure the NET2BBS.INI.
Or you can manually edit the Net2BBS.INI file with a text editor, such
as NotePad. The NET2BBS.INI must be located in the same directory where
NET2BBS.EXE is located. Changes to NET2BBS.INI will not take effect
until the next time Net2BBS is started.
The Sample .INI file uses settings like these:
Command=c:\netfoss\nf.bat /n*N /h*H c:\pcb\pcboard.bat *N
KillMsg=You are not welcome here.
ResolveMsg=o Net2BBS - Resolving your IP Address...
BlockCC=156,643,392,804 ; 156=China 643=Russia 392=Japan 804=Ukraine
Here is what each line does:
[Settings] This line must appear above all other valid lines.
Any lines above this line will be treated as comments.
This line is required, as it defines a Settings group.
Command= The Command Line Net2BBS spawns each time a node is
opened for an incoming telnet connection.
Normally this will execute NF.BAT and a second batch
file for the BBS software. Both the Node number and
the TCP Socket Handle need to be passed on the command
line that spawns the application, allowing it to take
control of the incoming TCP connection.
The following Macros are supported:
*N = The Node number Net2BBS assigned to this session
*Z = The Pseudo Node number to be passed to the BBS
*H = The telnet Socket Handle
*I = The users IP Address
*R = The users Resolved Hostname
StartPath= This is the directory that Net2BBS will change to
to before spawning the Command Line. You can use the
*N (Node Macro) in the Startpath which will be replaced
with the node number.
Port= The TCP/IP port that Net2BBS will monitor for incoming
telnet connections. By default this will be port 23,
the Telnet port. Some ISP's block port 23 from incoming
connections, in which case you may need to define a
PolicyPort= The TCP/IP port that Net2BBS will monitor for incoming
Socket Policy connections. By default this is disabled,
but if a non-zero port value (usually 843) is specified
then the Socket Policy Server will be enabled on that
port. Connections on this port will be sent the file
"SocketPolicy.xml" located in the Net2BBS directory.
Nodes= The maximum number of simultaneous telnet connections
allowed to be active. By default this will be 256 which
is the maximum value that Net2BBS currently supports.
You can define any value from 1 to 256.
StartNode= The Starting Node number created by Net2BBS. This could
be handy if you use specific nodes for Telnet, and other
nodes for dialup. For example you could define Nodes=50
and StartNode=101, to have Net2BBS only assign nodes 101
When using StartNode, it is possible to tell the BBS
software to use a pseudo node value (macro *Z), so that
the BBS nodes start at Node 1. This is useful when
running multiple BBSes on the same PC. See the Pseudo
Node section below for details.
MaxSameIP= Maximum number of simultaneous connections allowed from
the same IP address. The default is 3. Once this limit
is reached, new connections will be refused and added to
the temporary accept-refusal cache.
Debug= A logical flag (either 0 or 1), to disable or enable
debug mode. When debug mode is 1 (enabled), some extra
information is displayed on the screen.
NodeView= A value which defines the console Window view setting
for new connections when a node is started.
Valid options for NodeView are:
=0 - Hide: Window not is Visable or viewable.
=1 - Normal: Window not active but visable.
=2 - ShowMinimized: Window active but minimized
=3 - Maximize: Window maximized but not active.
=4 - ShowNoActivate: Window visable but not active.
=5 - Show: Window active and visable
using current size and position.
=6 - Mininize: Window minimized and not active.
=7 - ShowMinNoActive: Window minimized, visable but not
=8 - ShowNA Window visable but not active,
using current size and position.
=9 - Restore Window active and visable. If the
window was minimized or maximized,
it is restored to its original size
MainView= A value which defines the console window view setting for
Net2BBS.exe. Uses the same values as Nodeview above.
NodeLines= *** Warning: This option is somewhat experimental!
A value defining the number of lines the node's Console
window will be set for when it's created. (25 or 50).
Due to limitations in the WinAPI, this will only work
correctly when the console window is using a default
font size of 8x13 (8 pixels wide by 13 pixels high).
If yours uses a non default font size this may result
in a horizontal scroll-bar being added to the Window.
Log= The Log file name (the path is optional). If you do not
want a log file, set this to Log=null
Semaphore= The Semaphore filename (the path is optional).
Before Net2BBS assigns an incoming telnet connection
to a node, it checks to make sure that the Semaphore
file does not exist. If the file does exist, the
connection is refused due to a semaphore event. If the
Semaphore file contains any text, this text will be
sent to the caller before they are disconnected.
CacheTime= Sets a timeout in minutes to remove cached IP's from the
accept-refusal cache. The default is 120 (2 hours). If
it is set to 0 they will never be removed until the
cache fills up and is overwritten by new IP's being added.
KillList= The Blocked IP Address/Hostname list filename.
This file should contain one IP Address or Hostname
to block per line, and wildcard characters ? and *
are fully supported. In order for Hostname blocking
to be effective, the Resolve Mode must be enabled.
Example wildcard hostname: *.sdf.org
Example wildcard IP address: 206.188.*
KillMsg= A line of text to display to the caller when their
IP Address or hostname made a wildcard match with
one of the lines within the Kill List file.
KillMsgFile= A text file to display to the caller instead of any
defined KillMsg line, if the KillMsgFile exists.
Editor= The name of the Text editor that will be used to
edit the configuration and killlist files.
It is also used to display the help file.
Resolve= A logical flag (0 or 1). When enabled (1), Net2BBS
will attempt to resolve the callers IP Address to a
hostname or domain name. Enabling Resolve mode can
cause users to experience a short delay once they
connect, while their IP is resolved. During this time
they are shown the ResolveMsg text defined below,
and once the resolve is completed, the caller is
shown the results.
ResolveMsg= A line of text to display to the caller while their
IP address is being resolved. ANSi characters can be
used, as long as the first character after = is not
an ESC, and no more then 128 characters are used.
ShowHost= A logical flag (0 or 1). When enabled (non-zero),
(and Resolve= is also enabled) then Net2BBS will show
the resolved hostname on the callers terminal, right
after the ResolveMsg= text. Furthermore, after showing
it, Net2BBS will pause for the number of milliseconds
defined by this non-zero value. e.g. ShowHost=1000
will cause a 1 second delay.
Blocking = A logical flag (0 or 1), when enabled, Net2BBS will
set the Sockets to Blocking mode. The default setting
is 0, which will set the Sockets to Non-Blocking mode.
AntiScanner= A logical flag (0 or 1), when enabled, Net2BBS will
check to see if incoming connections are Port Scanner
bots and if they appear to be, they are added to the
AntiHammer= A logical flag (0 or 1), when enabled, NetBBS will
count the number of Connects/Disconnects from the
same IP address per minute. When it detects an
excessive amount, it adds the IP to the accept-
DNSBL= The domain name of a DNS BlackList to use.
If this option is defined, Net2BBS will make sure
that any incoming connection's IP address is not
listed in the defined DNS BlackList. If it is, the
connection is immediately closed.
Up to 4 DNS Blacklists can be defined: DNSBL, DNSBL2,
DNSBL3, and DNSBL4. (Note: DNSBL1 is invalid).
BlockCC= ISO-3166 Country Codes to block when using the special
Geo locater DNS blacklist: zz.countries.nerd.dk
multiple codes can be entered, comma delmited.
| See https://en.wikipedia.org/wiki/ISO_3166-1_numeric
WhiteList= List of up to 4 IP Addresses which will always be
accepted, bypassing the AntiHammer, AntiPortScanner,
and Maximum Same-IP connections checkers. They are
comma delimited. Hostnames and wildcards are not allowed.
Typically you will need to change the "Command=" and "StartPath="
lines to run your BBS, MUD, etc., with any needed parameters. Refer
to the example BBS configurations listed in NETFOSS.TXT for examples
of how these "Command=" line should appear for your software.
Pseudo Nodes are useful When running multiple BBSes on the same PC.
For example, if VA BBS is running on NetFoss nodes 1-100 on port 23,
and PCBoard are running on nodes 101-200 on port 24, then PCBoard's
"Who's online" list, would look strange since it would start at node
101 instead of node 1. So by passing the PCBoard BBS software a
Pseudo node value instead of the actual NetFoss node value, PCBoard
will show Node 101 as being Node 1, Node 102 as being Node 2, etc.
Here is now Net2BBS computes the Pseudo Node number to pass:
*Z = (*N-StartNode)+1
So for example if StartNode=101, The NetFoss node (*N)=105, then the
Pseudo Node (*Z)=5. In this example the BBS would think there is a
user connected to Node 5, but in reality they are connected to
NetFoss on Node 105.
Here is now the first 2 lines of Net2BBS.INI would usually look for a
(non-Pseudo) PCBoard BBS configuration:
Command=c:\netfoss\nf.bat /n*N /h*H c:\pcb\pcboard.bat *N
On this Command line, the node number (*N) is being passed both to
NetFoss (nf.bat /n*N) and to the BBS software (pcboard.bat *N).
On the StartPath line, the node number is passed as part of the path.
In order to use a Pseudo Node, you still must passs *N to nf.bat, but
you should pass *Z to the BBS batch file instead, and also pass *Z to
Startpath if needed, like so:
Command=c:\netfoss\nf.bat /n*N /h*H c:\pcb\pcboard.bat *Z
In addition, in order to use NFU to run Win32 doors from a DOS BBS when
using Pseudo-Nodes, your Telnet Server must be set an additional
Environment Variable %NFNODE% to pass the NetFoss physical node (*N) to
The environment. Because otherwise NFU will only know the Psudo-node
(by reading DOOR.SYS).
Net2BBS can either be run a desktop Console mode application, or it
can be installed as a Windows Service.
Net2BBS supports the following keyboard commands:
[ESC] Exit, [C] Configure INI, [E] Edit Blocked IP List, [F1] Help
Pressing [ESC] once will confirm if you wish to exit or not.
Pressing [ESC] twice will exit Net2BBS, and will shut down any
active telnet connections.
Pressing [ESC] followed by [R] will restart Net2BBS, and reload the
NET2BBS.INI configuration file.
Pressing [C] will edit the NET2BBS.INI configuration file.
Changes that are saved will not be used until Net2BBS is restarted.
Pressing [E] will edit the KillList, which is a list of blocked IP
and/or HostNames to refuse access to. When editing the KillList file
the changes will become active as soon as the file is saved.
Pressing [F1] will view(edit) this help file.
To hear a sound effect each time a user logs in or logs off, add
the filenames login.wav and logoff.wav to the folder that Net2BBS
is located in. Example sounds are available from netfoss.com.
NetMon is a desktop monitor application, useful when Net2BBS is
running as a Windows service in the background.
NetMon appears nearly identical to the Net2BBS Console interface, and
supports the identical keyboard commands.
Net2Mon will automatically open NetSpy.exe on the desktop each time an
incoming BBS session is opened by the Net2BBS telnet server. NetSpy is
a DOS terminal redirector for Windows, which allows the sysop to spy on
their users when Net2BBS is running as a service under later versions
of Windows (such as Windows 8, 7, Vista, or Server 2008).
Customizing the Net2BBS Console interface
You can adjust the default visibility and the the Height/Width layout
of the Net2BBS Console window using any of the following methods:
* Define the MainView= value in the configuration file (Net2BBS.INI)
* Ajust the properties settings of the Net2BBS.exe (or Net2Mon.exe)
by clicking the programs icon or shortcut and choose
Properties > Layout to select a new Height or Width.
You can further customize the look under the Font and Color tabs.
* You can run the .exe file from a batch file which first uses the
mode command to set a new Height (defined in lines). e.g.:
mode con lines=25
* Further customization can be done by installing a freeware utility
called TrayIt (Available from the Net2BBS web site).
Running Net2BBS as a Service
As of version 1.05, Net2BBS can run either as an application, or as a
Windows service without needing a third party service manager.
To install Net2BSS.EXE as a Windows Service, Open a Command Prompt
(If Running under Windows Vista or later, it must be opened with
Administrator rights by right-clicking on the Command Prompt Icon
and selecting "Run as Administrator".)
From this Command Prompt, type the following command line:
The service can be stopped or started using one of these command lines:
net stop net2bbs
net start net2bbs
To delete the delete the Net2BBS service, type this command line:
In Windows XP and 2000, Services can be configured to directly interact
with the Windows desktop. This can be enabled by going into the Control
Panel's "services" applet (Found under Administrative Tools), open the
Net2BBS service properties, and click on the "Logon" tab, and select
(x) Local System Account
[x] Allow Service to interact with Desktop
Once these options are enabled, Stop and Restart the service for the
changes to take effect.
This will allow the desktop user to view not only the Main Net2BBS
Console (while it's running as a service), but also allows viewing any
Active BBS Node Consoles, allowing the desktop user to interact with the
connected telnet clients.
In later versions of Windows (including Vista, 7, and 8) Microsoft has
added security changes which prevent services from interacting directly
with the Windows desktop. However, it is still possible to view it one
of two ways:
1. If you install Net2BBS as a service, you can run Net2Mon on your
Desktop, which will display all the same data which Net2BBS displays.
Net2Mon will also open a copy of NetSpy for each BBS node that is
opened, to allow the sysop to view activity on each node.
This is the recommended method.
2. If you install Net2BBS as a service, you can switch from the Windows
Desktop to "Sesssion 0" which is where "Local System Account" services
which are configured to "interact with Desktop" are visable. This
allows the active nodes to be visable without needing NetMon/NetSpy.
To allow switching from the Windows desktop to "Session 0" under Windows
Vista, 7 or 8, enable the "Interactive Services Detection" service.
Then each time the Net2BBS Service opens a telnet BBS Node session, the
"Interactive Services detection" will flash in the task bar, and displays
the following message:
"A program running on this computer is trying to display a message."
Next to this message a button says "View the message". When this button
is clicked Windows will switch from Desktop to "Session 0" where the
Console Window of every active BBS node will be visable.
To manually switch from the Desktop to "Session 0", you can use the
hidden keyboard command "0" from Net2Mon.exe. This will only work if the
"Interactive Services Detecton" Service is running,
When Net2BBS.exe is running as a service, all screen output and sound
effects are forwarded to Net2Mon.exe (if it is running) Net2Mon is the
Net2BBS Monitor application. This allows you to view and control the
Net2BBS service from the desktop, even in later versions of Windows.
Using Net2BBS over a Web Server
There are several third party utilities which allow ANSI compatible
telnet servers to be accessed over a web server, by installing a web
based telnet client (terminal) in an HTML page. Here are a few:
JTA - Java Telnet Applet by Matthias Jugel and Marcus Mei▀ner
AnyTerm - Java Telnet terminal by Phil Endecott
FlashTerm - Telnet terminal for the Adobe Flash Player by Peter Nitsch
jsTerm - HTML5 Telnet terminal using Websocket API by Peter Nitsch
fTelnet - Telnet terminal for the Adobe Flash Player by Rick Parrish
HTMLTerm - HTML5 terminal & WebSocket to Telnet redirector by Rick Parrish
In order to allow Flash telnet terminals to connect to your Telnet
Server, you must also run a Socket Policy Server on the same machine,
either on the same TCP port as the telnet server, or on TCP port 843.
Flash first looks for a Socket Policy server on port 843, and if non
is found within 3 seconds, it will look for one on the telnet port.
Net2BBS has a built-in Socket Policy Server which is disabled by
default. To enable it, add the following line to your NET2BBS.INI:
When this is enabled, Net2BBS will send the filename SocketPolicy.xml
when a connection is made to the defined TCP port.
In order to allow HTMLTerm to function, you must also run the WBA.exe
(Web BBS Assistant) which is included in the fTelnet/HTMLTerm package.
While DNS Blacklists are primarily used for mail servers to block
known spammers from delivering email, in recent years they are also
being used by IRC Networks to block open proxies and hijacked PC's
infected by illegal 3rd party exploits.
Care should be taken to use a DNS Blacklist which only blocks
Exploits, Proxies, and Spammers. There are some blacklists which
are designed to block end-user IP address ranges because they should
not be sending unauthenticated SMTP email on a non-corporate mail
server. Using such a list would block thousands of legitimate end-
users from your BBS. Do not use pbl.spamhaus.org for example, which
is such a policy block list. Also do not use zen.spamhaus.org for
the same reason (the zen list includes the pbl list).
Net2BBS allows you to define up to 4 DNS Blacklists. Each List that
is used will increase the delay before an incoming telnet connection
is passed to the BBS. This delay is typically slighty under one second
for each DNSBL used.
Here are some recommended lists to use:
Lists known IP addresses of hijacked PCs infected by illegal 3rd
party exploits, including open proxies, worms/viruses with built-in
spam engines, and other types of trojan-horse exploits.
Some of their data comes from cbl.abuseat.org, so using both of these
would be redundant.
Lists verified open/anonymous proxies.
Returns 127.0.0.2 for listed IP's, TXT will contain listing information.
Lists Open Relay and Hijacked PC's/ Spambots.
Don't use: dnsbl.ahbl.org - This list was recently deactivated.
Lists IP's which attack all forms of Servers other then spamming.
Unlike typical DNSBL, this one is a country geo locater which simply
returns the ISO 3166 numeric country code belonging to the IP, which
Net2BBS then compares to it's own list of country codes to block.
When using this DNSBL, you can define a list of countries to block by
putting the numeric country codes on the BlockCC= line into Net2BBS.ini
BlockCC=156,643,392,804 ; 156=China 643=Russia 392=Japan 804=Ukraine
For a full list of ISO-3166 Country Codes see:
There are many other DNS Blacklists available, and most are free for
Use NEt2BBS entirely at your own risk. In no event will PC Micro,
or its agents be liable for any damages, including loss of profits or
other consequential damages arising from the use or inability to use
You may bundle NetFoss (including Net2BBS) with your own BBS software
or telnet server only as outlined in the NetFoss License defined in
included NETFOSS.TXT file included with NetFoss.
You may modify the Net2BBS.ASM, Net2Mon.ASM, and NetSpy.ASM source code
as you desire as long as they are not used for malware. If you make any
bug-fixes or add new features, please consider sending us any changes
you are willing to share, but know that you don't have to.
Net2BBS is true open-source code, which is not limited by any GNU GPL.
You may use Net2BBS source code snippets for any Windows based project
commercial or otherwise that does not conflict with the MASM32-Project
license which Net2BBS was created under. https://masm32.com/license.htm
Net2BBS is a trademark of PC Micro Systems, Inc.
Net2Mon is a trademark of PC Micro Systems, Inc.
NetSpy is a trademark of PC Micro Systems, Inc.
NetFoss is a trademark of PC Micro Systems, Inc.
PC Micro is a trademark of PC Micro Systens, Inc.
Windows is a trademark of Microsoft Corporation.
Other products mentioned are properties of their respected authors.
End of Net2BBS.txt Help file.
For more information about using Net2BBS with NetFoss, please view
the included NetFoss.txt document, or visit the NetFoss web site at
https://netfoss.com or https://pcmicro.com/netfoss