From: Török Edwin
Date: Mon, 28 Jan 2013 17:44:14 +0200
To: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] blocking probes...

On 01/13/2013 11:15 AM, Török Edwin wrote:
> On 01/13/2013 06:50 AM, Dave Taht wrote:
>> one of the underused features of cerowrt is that I stuck a sensor on
>> xinetd to detect attempts to telnet or ftp to the router and cut off
>> access to some other services, notably ssh.
>
> I don't see this on my cerowrt, is this only in the 3.7.x series?
>
>>
>> I would have loved to extend this facility to either do it entirely in
>> iptables or leverage xinetd to talk to iptables to (for example)
>> disable access to the web server.
>>
>> I'm curious if anyone else's server logs ever show something like this
>> in the Real World:
>>
>> Jan 12 20:44:02 europa daemon.crit xinetd[3273]: 3273 {process_sensor}
>> Adding 190.185.12.121 to the global_no_access list for 120 minutes

With 3.7.4 I see these now on my home router, so it's definitely working:

root@OpenWrt:~# logread|grep xinetd|grep Adding|wc -l
20

The IPs are from Russia, Peru, Colombia, Egypt, UK, Kuwait, Turkey, Azerbaijan.

Best regards,
--Edwin
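
Added example, not part of the original message: the `logread|grep|wc -l` pipeline above counts ban events, while the sketch below groups the same `{process_sensor}` lines by source address so repeat offenders stand out. The function names `sample_log` and `sensor_bans` are hypothetical, and the sample log lines are constructed with documentation addresses.

```shell
#!/bin/sh
# Added example: summarize xinetd sensor bans from syslog text on stdin.

# Constructed sample in the log format quoted in the thread; the
# addresses are RFC 5737 documentation ranges, not real sources.
sample_log() {
cat <<'EOF'
Jan 12 20:44:02 europa daemon.crit xinetd[3273]: 3273 {process_sensor} Adding 192.0.2.10 to the global_no_access list for 120 minutes
Jan 12 21:03:40 europa daemon.info dnsmasq[1201]: read /etc/hosts - 2 addresses
Jan 12 23:10:11 europa daemon.crit xinetd[3273]: 3273 {process_sensor} Adding 198.51.100.7 to the global_no_access list for 120 minutes
Jan 13 01:15:27 europa daemon.crit xinetd[3273]: 3273 {process_sensor} Adding 192.0.2.10 to the global_no_access list for 120 minutes
Jan 13 02:00:00 europa daemon.crit xinetd[3273]: 3273 {process_sensor} Adding 203.0.113.99 to the global_no_access list for 120 minutes
Jan 13 04:42:05 europa daemon.crit xinetd[3273]: 3273 {process_sensor} Adding 192.0.2.10 to the global_no_access list for 120 minutes
EOF
}

# sensor_bans: one tab-separated line per source address, most-banned first:
#   <bans> <ip> <first seen> <last seen> <ban duration as logged>
sensor_bans() {
    awk '
        index($0, "xinetd[") && index($0, "{process_sensor}") {
            for (i = 1; i < NF; i++) if ($i == "Adding") break
            if (i >= NF) next              # sensor line without an "Adding" event
            ip = $(i + 1)
            ts = $1 " " $2 " " $3          # syslog timestamp exactly as logged
            # Keep whatever follows "list" (minus a leading "for") as the duration.
            j = ($(i + 6) == "for") ? i + 7 : i + 6
            dur = ""
            for (; j <= NF; j++) dur = dur (dur == "" ? "" : " ") $j
            if (!(ip in n)) first[ip] = ts
            n[ip]++; last[ip] = ts; d[ip] = dur
        }
        END {
            for (ip in n)
                printf "%d\t%s\t%s\t%s\t%s\n", n[ip], ip, first[ip], last[ip], d[ip]
        }' | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# On the router the input would be:  logread | sensor_bans
sample_log | sensor_bans
```

An address that reappears after its ban window has expired shows up with a count above one and differing first and last timestamps.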