From: Sebastian Moeller
To: Dave Taht
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] blocking probes...
Date: Sat, 12 Jan 2013 21:01:25 -0800
Message-Id: <99FC4CFB-7B03-4D26-BFDD-5FD266BC04D9@gmx.de>

Hi Dave,

On Jan 12, 2013, at 20:50 , Dave Taht wrote:

> one of the underused features of cerowrt is that I stuck a sensor on
> xinetd to detect attempts to telnet or ftp to the router and cut off
> access to some other services, notably ssh.
>
> I would have loved to extend this facility to either do it entirely in
> iptables or leverage xinetd to talk to iptables to (for example)
> disable access to the web server.
>
> I'm curious if anyone else's server logs ever show something like this
> in the Real World:
>
> Jan 12 20:44:02 europa daemon.crit xinetd[3273]: 3273 {process_sensor}
> Adding 190.185.12.121 to the global_no_access list for 120 minutes
>
> And I'm curious as to what more fully blown tools like this already exist.

This sounds remotely like a sort of reverse port knocking system, where you would connect to certain ports before allowing say ssh on some unusual port. You probably know this but on the off chance it might be news…

best
Sebastian

>
> --
> Dave Täht
>
> Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
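
One way to carry the xinetd sensor's decisions over to the packet filter, as an added example that is not part of the original message or of CeroWrt: parse the `{process_sensor}` log lines and emit `ipset` entries that expire when the xinetd block does. The set name `xinetd_sensor`, the helper names, and all sample lines except the one quoted in the thread are assumptions made for this sketch.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Format of the xinetd sensor message quoted in the thread.
SENSOR_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ \S+ xinetd\[\d+\]: .*"
    r"\{process_sensor\} Adding (?P<ip>\S+) to the global_no_access list "
    r"for (?P<mins>\d+) minutes")
SET_NAME = "xinetd_sensor"  # hypothetical set, assumed created as hash:ip with timeout

# First line is the one quoted in the thread; the rest are constructed.
SAMPLE_LOG = [
    "Jan 12 20:44:02 europa daemon.crit xinetd[3273]: 3273 {process_sensor} "
    "Adding 190.185.12.121 to the global_no_access list for 120 minutes",
    "Jan 12 18:00:00 europa daemon.crit xinetd[3273]: 3273 {process_sensor} "
    "Adding 192.0.2.7 to the global_no_access list for 120 minutes",
    "Jan 12 21:00:00 europa daemon.crit xinetd[3273]: 3273 {process_sensor} "
    "Adding 192.0.2.9;reboot to the global_no_access list for 120 minutes",
    "Jan 12 21:05:00 europa daemon.info xinetd[3273]: START: ssh pid=4011",
]

def parse_sensor_line(line, year):
    """Return (address, start, duration), or None if not a valid sensor hit."""
    m = SENSOR_RE.match(line)
    if not m:
        return None
    try:  # never pass unvalidated log text into a command line
        addr = ipaddress.IPv4Address(m.group("ip"))
    except ValueError:
        return None
    start = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return addr, start, timedelta(minutes=int(m.group("mins")))

def ipset_commands(lines, now):
    """ipset commands for every sensor block still active at `now`."""
    remaining = {}
    for line in lines:
        hit = parse_sensor_line(line, now.year)  # syslog omits the year
        if hit is None:
            continue
        addr, start, duration = hit
        left = int((start + duration - now).total_seconds())
        if left > 0:  # skip blocks whose time has already run out
            remaining[addr] = max(left, remaining.get(addr, 0))
    return [f"ipset -exist add {SET_NAME} {addr} timeout {secs}"
            for addr, secs in sorted(remaining.items())]
```

Calling `ipset_commands(SAMPLE_LOG, datetime(2013, 1, 12, 21, 44, 2))` yields a single command for 190.185.12.121 with one hour left; an iptables rule using `-m set --match-set xinetd_sensor src` can then drop traffic to any service, not only those xinetd fronts.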