[Cerowrt-devel] blocking probes...

Török Edwin edwin+ml-cerowrt at etorok.net
Sun Jan 13 04:15:32 EST 2013

On 01/13/2013 06:50 AM, Dave Taht wrote:
> one of the underused features of cerowrt is that I stuck a sensor on
> xinetd to detect attempts to telnet or ftp to the router and cut off
> access to some other services, notably ssh.

I don't see this on my cerowrt, is this only in the 3.7.x series?

> I would have loved to extend this facility to either do it entirely in
> iptables or leverage xinetd to talk to iptables to (for example)
> disable access to the web server.
> I'm curious if anyone elses server logs ever show something like this
> in the Real World:
> Jan 12 20:44:02 europa daemon.crit xinetd[3273]: 3273 {process_sensor}
> Adding to the global_no_access list for 120 minutes
> And I'm curious as to what more fully blown tools like this already exist.

I'm using fail2ban on my server (not the router), and see between 2-7 of these bans/day:
Jan 13 03:34:28 sshd[22392]: Did not receive identification string from
Jan 13 04:03:05 sshd[23167]: Invalid user delta from
Jan 13 04:03:05 sshd[23170]: Invalid user admin from
2013-01-13 04:03:06,376 fail2ban.actions: WARNING [ssh] Ban
2013-01-13 07:47:21,738 fail2ban.actions: WARNING [ssh] Unban


More information about the Cerowrt-devel mailing list