[Cerowrt-devel] blocking probes...

Maciej Soltysiak maciej at soltysiak.com
Mon Jan 28 10:49:36 PST 2013


I've said it before and I'll say it again:
iptables -I zone_wan -j DROP
And if you really need access from wan INSERT a rule before that DROP.

Regards,
Maciej


On Mon, Jan 28, 2013 at 4:44 PM, Török Edwin <edwin+ml-cerowrt at etorok.net>wrote:

> On 01/13/2013 11:15 AM, Török Edwin wrote:
> > On 01/13/2013 06:50 AM, Dave Taht wrote:
> >> one of the underused features of cerowrt is that I stuck a sensor on
> >> xinetd to detect attempts to telnet or ftp to the router and cut off
> >> access to some other services, notably ssh.
> >
> > I don't see this on my cerowrt, is this only in the 3.7.x series?
> >
> >>
> >> I would have loved to extend this facility to either do it entirely in
> >> iptables or leverage xinetd to talk to iptables to (for example)
> >> disable access to the web server.
> >>
> >> I'm curious if anyone elses server logs ever show something like this
> >> in the Real World:
> >>
> >> Jan 12 20:44:02 europa daemon.crit xinetd[3273]: 3273 {process_sensor}
> >> Adding 190.185.12.121 to the global_no_access list for 120 minutes
>
> With 3.7.4 I see these now on my home router, so its definetely working:
> root at OpenWrt:~# logread|grep xinetd|grep Adding|wc -l
> 20
>
> The IPs are from Russia, Peru, Colombia, Egypt, UK, Kuwait, Turkey,
> Azerbaijan.
>
>
> Best regards,
> --Edwin
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel at lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.bufferbloat.net/pipermail/cerowrt-devel/attachments/20130128/3b85b424/attachment-0001.html>


More information about the Cerowrt-devel mailing list