[Cerowrt-devel] blocking probes...
Sebastian Moeller
moeller0 at gmx.de
Sat Jan 12 21:01:25 PST 2013
Hi Dave,
On Jan 12, 2013, at 20:50 , Dave Taht wrote:
> one of the underused features of cerowrt is that I stuck a sensor on
> xinetd to detect attempts to telnet or ftp to the router and cut off
> access to some other services, notably ssh.
>
> I would have loved to extend this facility to either do it entirely in
> iptables or leverage xinetd to talk to iptables to (for example)
> disable access to the web server.
>
> I'm curious if anyone elses server logs ever show something like this
> in the Real World:
>
> Jan 12 20:44:02 europa daemon.crit xinetd[3273]: 3273 {process_sensor}
> Adding 190.185.12.121 to the global_no_access list for 120 minutes
>
> And I'm curious as to what more fully blown tools like this already exist.
This sounds remotely like a sort of reverse port knocking system, where you would connect to certain ports before allowing say ssh on some unusual port. You probably know this but on the off chance it might be news…
best
Sebastian
>
> --
> Dave Täht
>
> Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel at lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
More information about the Cerowrt-devel
mailing list