[Cerowrt-devel] blocking probes...
Török Edwin
edwin+ml-cerowrt at etorok.net
Sun Jan 13 01:15:32 PST 2013
On 01/13/2013 06:50 AM, Dave Taht wrote:
> one of the underused features of cerowrt is that I stuck a sensor on
> xinetd to detect attempts to telnet or ftp to the router and cut off
> access to some other services, notably ssh.
I don't see this on my cerowrt, is this only in the 3.7.x series?
>
> I would have loved to extend this facility to either do it entirely in
> iptables or leverage xinetd to talk to iptables to (for example)
> disable access to the web server.
>
> I'm curious if anyone elses server logs ever show something like this
> in the Real World:
>
> Jan 12 20:44:02 europa daemon.crit xinetd[3273]: 3273 {process_sensor}
> Adding 190.185.12.121 to the global_no_access list for 120 minutes
>
> And I'm curious as to what more fully blown tools like this already exist.
>
I'm using fail2ban on my server (not the router), and see between 2-7 of these bans/day:
Jan 13 03:34:28 sshd[22392]: Did not receive identification string from 83.231.93.133
Jan 13 04:03:05 sshd[23167]: Invalid user delta from 83.231.93.133
Jan 13 04:03:05 sshd[23170]: Invalid user admin from 83.231.93.133
2013-01-13 04:03:06,376 fail2ban.actions: WARNING [ssh] Ban 83.231.93.133
2013-01-13 07:47:21,738 fail2ban.actions: WARNING [ssh] Unban 66.135.32.170
--Edwin
More information about the Cerowrt-devel
mailing list