From: Dave Taht
To: cerowrt-devel@lists.bufferbloat.net
Date: Sat, 12 Jan 2013 23:50:23 -0500
Subject: [Cerowrt-devel] blocking probes...

One of the underused features of cerowrt is that I stuck a sensor on xinetd to detect attempts to telnet or ftp to the router and cut off access to some other services, notably ssh.
I would have loved to extend this facility to either do it entirely in iptables or leverage xinetd to talk to iptables to (for example) disable access to the web server.

I'm curious if anyone else's server logs ever show something like this in the Real World:

Jan 12 20:44:02 europa daemon.crit xinetd[3273]: 3273 {process_sensor} Adding 190.185.12.121 to the global_no_access list for 120 minutes

And I'm curious as to what more fully blown tools like this already exist.

--
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
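
One way to get the xinetd-to-iptables hand-off the message above wishes for, as an added example (not code from the post or from cerowrt): parse sensor log lines in the quoted format and build `ipset add` commands whose timeout matches the ban. The set name `xinetd_sensor`, the setup commands in the comment, the allowlist and every sample line except the one quoted in the post are assumptions.

```python
import ipaddress
import re

# Message format taken from the log line quoted in the post.
SENSOR_RE = re.compile(
    r"xinetd\[\d+\]: \d+ \{process_sensor\} Adding (?P<ip>\S+) "
    r"to the global_no_access list for (?P<minutes>\d+) minutes"
)
# Assumed set name. Assumed one-time setup on the router:
#   ipset create xinetd_sensor hash:ip timeout 0
#   iptables -I INPUT -m set --match-set xinetd_sensor src -j DROP
IPSET_NAME = "xinetd_sensor"
_PREFIX = "Jan 12 20:50:10 europa daemon.crit xinetd[3273]: 3273 {process_sensor} "
SAMPLE_LOG = [  # first entry is the line from the post, the rest are constructed
    "Jan 12 20:44:02 europa daemon.crit xinetd[3273]: 3273 {process_sensor} "
    "Adding 190.185.12.121 to the global_no_access list for 120 minutes",
    _PREFIX + "Adding 192.0.2.7 to the global_no_access list for 120 minutes",
    _PREFIX + "Adding 999.1.1.1 to the global_no_access list for 5 minutes",
    "Jan 12 20:51:00 europa daemon.info dnsmasq[900]: query[A] example.org",
]


def parse_sensor_line(line):
    """Return (ip, ban_seconds) for a sensor ban line, otherwise None."""
    m = SENSOR_RE.search(line)
    if m is None:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None  # log text is untrusted: only a valid address reaches ipset
    return ip, int(m.group("minutes")) * 60


def ipset_commands(lines, allowlist=()):
    """Build one 'ipset add' argv per banned IPv4 address; the last ban wins."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    bans = {}
    for line in lines:
        parsed = parse_sensor_line(line)
        if parsed is None or parsed[0].version != 4:  # hash:ip set above is IPv4
            continue
        ip, seconds = parsed
        if any(ip in net for net in allowed):
            continue  # never firewall off the admin network
        bans[ip] = seconds
    return [["ipset", "-exist", "add", IPSET_NAME, str(ip), "timeout", str(s)]
            for ip, s in bans.items()]
```

The functions return argv lists rather than running anything, so the output can be reviewed or passed to `subprocess.run` without a shell.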