Re: [WISPA] Cool ideas for RouterOS....
On Sat, 30 Dec 2006, Pete Davis wrote:

> I would like to see the script equivalent of DenyHosts. [see http://denyhosts.sourceforge.net] whereas if password authentication fails (telnet, ssh, ftp) from the same outside IP 5 (or so) times in a row, that IP gets dynamically added to the "blacklist" address list, and all data to/from is denied for 12 hrs (or so). My logs are usually full of failed ssh/ftp logins from (virus-infected?) zombie PCs trying brute force dictionary login attempts. Permanently blacklisting them seems like a waste of resources/disk space.

I am working on this idea currently. I have an almost complete implementation of this already. I expect that in the next 2 months, I will have a fully working version (for 2.8.x I am not sure how I will implement the firewall) for 2.9.x.

> If I could get notified of any IP who sends smtp (TCP/25) traffic to more than 5 different destinations/hr(min?) that could be a good script. Some of my business clients host their own email server, so that's okay, but most clients only need to send to my SMTP server. Automatically blocking port 25 for certain users who violate this (due to a virus) would be good also. I guess this is similar to your #1 and #2 ideas.

This is another good idea, but what I do now (as you mention) already does this more or less. I may look at implementing some of these features.

> A script I think would be neat, but don't have the time to implement it now, if a 2-radio routerboard/wrap/whatever could be mounted in the van with an omni antenna on the roof (or bumper) connected to the "client" radio, and automatically associate to the nearest non-secure (or secure if it has "our client" WEP key) AP (with a SSID other than "THENODIALVAN"), then nat/rebroadcast on a weaker AP (with a duckie antenna), with the SSID of "THENODIALVAN" then it would be kind of the "ultimate" war driving vehicle. Another script to VPN tunnel into the office on demand so the techs could get/file paperwork from their laptops. Wire in a Lingo/Vonage/whatever VOIP phone, and cell phone bills to/from the technicians could drop considerably.

I've done almost exactly this once already. Not the part that "roams to APs not owned by the WISP", but the rest of it.

> Winbox feature wishlist: I would like to be able to sort my DHCP leases by the comment field.

This will have to be sent to MT directly. I would like to be able to sort other areas by comment as well. Wireless Registration table is an example.

--
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
My calendar: http://tinyurl.com/y24ad6
Training Partners: http://tinyurl.com/smfkf
Mikrotik Certified Consultant
http://www.mikrotik.com/consultants.html

--
WISPA Wireless List: wireless@wispa.org
Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
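The DenyHosts-style rule discussed in the message above (5 or so failures in a row from one IP, then a 12 hour block rather than a permanent one), as an added example that is not part of the thread and is not Butch's implementation. The log line format, the class and function names and the `never_ban` allowlist are assumptions made for illustration; the sample log is constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines; the log format is an assumption, not RouterOS output.
SAMPLE_LOG = """\
2006-12-30 01:00:01 ssh login failure for user root from 203.0.113.7
2006-12-30 01:00:03 ssh login failure for user admin from 203.0.113.7
2006-12-30 01:00:05 ftp login failure for user test from 203.0.113.7
2006-12-30 01:00:06 ssh login failure for user pete from 198.51.100.20
2006-12-30 01:00:08 telnet login failure for user guest from 203.0.113.7
2006-12-30 01:00:09 ssh login success for user pete from 198.51.100.20
2006-12-30 01:00:10 ssh login failure for user oracle from 203.0.113.7
2006-12-30 01:00:12 ssh login failure for user root from 203.0.113.7
2006-12-30 01:05:00 ssh login failure for user pete from 198.51.100.20
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<svc>ssh|ftp|telnet) login "
    r"(?P<result>failure|success) for user \S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)


class TempBlacklist:
    """Ban an IP after N failed logins in a row; bans expire on their own."""

    def __init__(self, max_failures=5, ban_time=timedelta(hours=12), never_ban=()):
        self.max_failures = max_failures
        self.ban_time = ban_time
        self.never_ban = set(never_ban)  # e.g. management hosts (assumption)
        self.streak = {}                 # ip -> consecutive failures so far
        self.banned = {}                 # ip -> time the ban ends

    def expire(self, now):
        # Dropping old entries keeps the list small, which is the point of
        # a timed ban over a permanent one.
        for ip in [ip for ip, until in self.banned.items() if until <= now]:
            del self.banned[ip]

    def is_banned(self, ip, now):
        self.expire(now)
        return ip in self.banned

    def observe(self, ts, ip, success):
        """Feed one login event; return True if it triggered a new ban."""
        self.expire(ts)
        if ip in self.never_ban or ip in self.banned:
            return False
        if success:
            # "In a row": a good login resets the count, so a customer who
            # mistypes a password now and then never reaches the limit.
            self.streak.pop(ip, None)
            return False
        self.streak[ip] = self.streak.get(ip, 0) + 1
        if self.streak[ip] >= self.max_failures:
            self.banned[ip] = ts + self.ban_time
            del self.streak[ip]
            return True
        return False


def replay(log_text, blacklist):
    """Run log lines through the blacklist; return [(ip, ban_end), ...]."""
    new_bans = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not login events
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if blacklist.observe(ts, m["ip"], m["result"] == "success"):
            new_bans.append((m["ip"], blacklist.banned[m["ip"]]))
    return new_bans


if __name__ == "__main__":
    for ip, until in replay(SAMPLE_LOG, TempBlacklist()):
        print(f"blacklist {ip} until {until}")
```

Failures are counted across telnet, ssh and ftp together, as the proposal describes, and the allowlist keeps a fat-fingered admin from locking out the management station.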
RE: [WISPA] Cool ideas for RouterOS....
How about a splash page stored in the flash card for the hot spot. And maybe a bar inserted in web browsing to a specific customer ip. Like a friendly reminder to call the credit department or "Guido"

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete Davis
Sent: Saturday, December 30, 2006 2:40 AM
To: WISPA General List
Cc: [EMAIL PROTECTED]
Subject: Re: [WISPA] Cool ideas for RouterOS

I like those, and would like to probably implement them myself. Here are some of my ideas/wishlist.

I would like to see the script equivalent of DenyHosts. [see http://denyhosts.sourceforge.net] whereas if password authentication fails (telnet, ssh, ftp) from the same outside IP 5 (or so) times in a row, that IP gets dynamically added to the "blacklist" address list, and all data to/from is denied for 12 hrs (or so). My logs are usually full of failed ssh/ftp logins from (virus-infected?) zombie PCs trying brute force dictionary login attempts. Permanently blacklisting them seems like a waste of resources/disk space.

If I could get notified of any IP who sends smtp (TCP/25) traffic to more than 5 different destinations/hr(min?) that could be a good script. Some of my business clients host their own email server, so that's okay, but most clients only need to send to my SMTP server. Automatically blocking port 25 for certain users who violate this (due to a virus) would be good also. I guess this is similar to your #1 and #2 ideas.

A script I think would be neat, but don't have the time to implement it now, if a 2-radio routerboard/wrap/whatever could be mounted in the van with an omni antenna on the roof (or bumper) connected to the "client" radio, and automatically associate to the nearest non-secure (or secure if it has "our client" WEP key) AP (with a SSID other than "THENODIALVAN"), then nat/rebroadcast on a weaker AP (with a duckie antenna), with the SSID of "THENODIALVAN" then it would be kind of the "ultimate" war driving vehicle.
Another script to VPN tunnel into the office on demand so the techs could get/file paperwork from their laptops. Wire in a Lingo/Vonage/whatever VOIP phone, and cell phone bills to/from the technicians could drop considerably. Please don't respond to this one telling me how the cops are gonna take away my freedoms for connecting to an insecure home wireless network. I know its wrong to "steal" bandwidth, and I don't want a new 100 response opinion fest. Please keep your "is too/is not" to yourself. I know that this idea is ethically questionable. Another reason why I won't be implementing it any time soon. Winbox feature wishlist: I would like to be able to sort my DHCP leases by the comment field. I would also, for that matter, be able to sort my DHCP leases by the IP address (like I could in 2.8). I like the 2.9 capability of assigning a dhcp lease to a specific pool, but then sorting by IP address now just seems to randomize the order. If I could sort by IP address, then have all of my bridge leases (172.16.x.x) together, all of my customer leases (64.123.x.x) together, that would be awesome. If I could sort by comment, then finding "smith, bob" then finding "smith, bob - bridge" to see if either/both have an active lease would be MUCH easier, and make life much better for my staff. Pete Davis NoDial.net Butch Evans wrote: > I'd like to throw this out for the weekend. I want to gather some > ideas for IMPLEMENTATIONS you'd like to see with existing RouterOS > technology. I have a few that I can think of off the top of my head > that I will try to get documented (some possibly for free - to be > posted on my website). For example: > > 1. 
Automated virus detection - this application would need to be able > to detect virus like activity (whatever that means) and automatically > cause the offender - if they are on-net - to be disconnected except > for the ability to visit http://housecall.antivirus.com and test to > see if they have removed the virus(es) before allowing full access again. > > 2. Automatically build a list of valid SMTP servers based on servers > that have been used to check email (I've done this one several > times). This will prevent those viruses and spam trojans from getting > your IP blacklisted if you NAT. > > 3. Queue mechanism that implements an automated fair access policy > (similar to what some of the satellite companies do) - I have done > something SIMILAR to this, but implementing this properly will take a > bit more work. > > OK...So I've got you started...now step forth with your ideas (either > implemented already or just a "wish-list") and let's come up with some > really cool stuff! While we're at it,
Re: [WISPA] Cool ideas for RouterOS....
Butch, I really like your third application here. I use PFsense for a traffic shaper and am new to MT. Can't figure out how to get queues to change after a sub downloads X mb in a day.

On 12/29/06, Butch Evans <[EMAIL PROTECTED]> wrote:

> I'd like to throw this out for the weekend. I want to gather some ideas for IMPLEMENTATIONS you'd like to see with existing RouterOS technology. I have a few that I can think of off the top of my head that I will try to get documented (some possibly for free - to be posted on my website). For example:
>
> 1. Automated virus detection - this application would need to be able to detect virus like activity (whatever that means) and automatically cause the offender - if they are on-net - to be disconnected except for the ability to visit http://housecall.antivirus.com and test to see if they have removed the virus(es) before allowing full access again.
>
> 2. Automatically build a list of valid SMTP servers based on servers that have been used to check email (I've done this one several times). This will prevent those viruses and spam trojans from getting your IP blacklisted if you NAT.
>
> 3. Queue mechanism that implements an automated fair access policy (similar to what some of the satellite companies do) - I have done something SIMILAR to this, but implementing this properly will take a bit more work.
>
> OK...So I've got you started...now step forth with your ideas (either implemented already or just a "wish-list") and let's come up with some really cool stuff! While we're at it, you can let me know what you think of the above ideas...are they worth the effort?
>
> --
> Butch Evans
> Network Engineering and Security Consulting
> 573-276-2879
> http://www.butchevans.com/
> My calendar: http://tinyurl.com/y24ad6
> Training Partners: http://tinyurl.com/smfkf
> Mikrotik Certified Consultant
> (http://www.mikrotik.com/consultants.html)
Re: [WISPA] Cool ideas for RouterOS....
On Sat, 30 Dec 2006, Mark Nash - Lists wrote:

> This puts an extra line on the list for each customer, right?

Yes. In the registration table, you can't add comments. If a customer radio is in the access-list with a comment, that comment is added to the entry above their registration.

--
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
My calendar: http://tinyurl.com/y24ad6
Training Partners: http://tinyurl.com/smfkf
Mikrotik Certified Consultant
http://www.mikrotik.com/consultants.html
Re: [WISPA] Cool ideas for RouterOS....
This puts an extra line on the list for each customer, right?

Mark Nash
Network Engineer
UnwiredOnline.Net
350 Holly Street
Junction City, OR 97448
http://www.uwol.net
541-998-
541-998-5599 fax

----- Original Message -----
From: "Butch Evans" <[EMAIL PROTECTED]>
To: "WISPA General List"
Sent: Saturday, December 30, 2006 2:11 PM
Subject: Re: [WISPA] Cool ideas for RouterOS

On Sat, 30 Dec 2006, Mark Nash - Lists wrote:

> How about the ability to place a customer name in the ACL for non-RouterOS CPEs?

Like this?

/ interface wireless access-list
add mac-address=00:11:F5:62:4E:F6 interface=wirelesshotspot \
    authentication=yes forwarding=no \
    comment="Butch Toshiba Laptop" disabled=no

This comment shows up on the registration table, too. Anything beyond this is not something that the MT can do (or will do).

--
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
My calendar: http://tinyurl.com/y24ad6
Training Partners: http://tinyurl.com/smfkf
Mikrotik Certified Consultant
http://www.mikrotik.com/consultants.html
Re: [WISPA] Cool ideas for RouterOS....
On Sat, 30 Dec 2006, Mark Nash - Lists wrote:

> How about the ability to place a customer name in the ACL for non-RouterOS CPEs?

Like this?

/ interface wireless access-list
add mac-address=00:11:F5:62:4E:F6 interface=wirelesshotspot \
    authentication=yes forwarding=no \
    comment="Butch Toshiba Laptop" disabled=no

This comment shows up on the registration table, too. Anything beyond this is not something that the MT can do (or will do).

--
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
My calendar: http://tinyurl.com/y24ad6
Training Partners: http://tinyurl.com/smfkf
Mikrotik Certified Consultant
http://www.mikrotik.com/consultants.html
Re: [WISPA] Cool ideas for RouterOS....
How about the ability to place a customer name in the ACL for non-RouterOS CPEs?

Mark Nash
Network Engineer
UnwiredOnline.Net
350 Holly Street
Junction City, OR 97448
http://www.uwol.net
541-998-
541-998-5599 fax

----- Original Message -----
From: "Butch Evans" <[EMAIL PROTECTED]>
To: "Wispa List"
Sent: Friday, December 29, 2006 11:47 PM
Subject: [WISPA] Cool ideas for RouterOS

I'd like to throw this out for the weekend. I want to gather some ideas for IMPLEMENTATIONS you'd like to see with existing RouterOS technology. I have a few that I can think of off the top of my head that I will try to get documented (some possibly for free - to be posted on my website). For example:

1. Automated virus detection - this application would need to be able to detect virus like activity (whatever that means) and automatically cause the offender - if they are on-net - to be disconnected except for the ability to visit http://housecall.antivirus.com and test to see if they have removed the virus(es) before allowing full access again.

2. Automatically build a list of valid SMTP servers based on servers that have been used to check email (I've done this one several times). This will prevent those viruses and spam trojans from getting your IP blacklisted if you NAT.

3. Queue mechanism that implements an automated fair access policy (similar to what some of the satellite companies do) - I have done something SIMILAR to this, but implementing this properly will take a bit more work.

OK...So I've got you started...now step forth with your ideas (either implemented already or just a "wish-list") and let's come up with some really cool stuff! While we're at it, you can let me know what you think of the above ideas...are they worth the effort?

--
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
My calendar: http://tinyurl.com/y24ad6
Training Partners: http://tinyurl.com/smfkf
Mikrotik Certified Consultant
(http://www.mikrotik.com/consultants.html)
Re: [WISPA] Cool ideas for RouterOS....
Keep a list of 'discovered' DHCP servers and their mac addresses in a table. Usually, the LAN mac address of the consumer routers is one off from the WAN mac address, so we should be able to quickly identify who has plugged their router in backwards.

Mark Nash
Network Engineer
UnwiredOnline.Net
350 Holly Street
Junction City, OR 97448
http://www.uwol.net
541-998-
541-998-5599 fax

----- Original Message -----
From: "Butch Evans" <[EMAIL PROTECTED]>
To: "Wispa List"
Sent: Friday, December 29, 2006 11:47 PM
Subject: [WISPA] Cool ideas for RouterOS

I'd like to throw this out for the weekend. I want to gather some ideas for IMPLEMENTATIONS you'd like to see with existing RouterOS technology. I have a few that I can think of off the top of my head that I will try to get documented (some possibly for free - to be posted on my website). For example:

1. Automated virus detection - this application would need to be able to detect virus like activity (whatever that means) and automatically cause the offender - if they are on-net - to be disconnected except for the ability to visit http://housecall.antivirus.com and test to see if they have removed the virus(es) before allowing full access again.

2. Automatically build a list of valid SMTP servers based on servers that have been used to check email (I've done this one several times). This will prevent those viruses and spam trojans from getting your IP blacklisted if you NAT.

3. Queue mechanism that implements an automated fair access policy (similar to what some of the satellite companies do) - I have done something SIMILAR to this, but implementing this properly will take a bit more work.

OK...So I've got you started...now step forth with your ideas (either implemented already or just a "wish-list") and let's come up with some really cool stuff! While we're at it, you can let me know what you think of the above ideas...are they worth the effort?

--
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
My calendar: http://tinyurl.com/y24ad6
Training Partners: http://tinyurl.com/smfkf
Mikrotik Certified Consultant
(http://www.mikrotik.com/consultants.html)
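Mark's table of discovered DHCP servers, matched against customer WAN MACs that are one off, as an added example that is not code from the thread. The function names, the report fields and the same-vendor-prefix check are assumptions; all MAC addresses and customer comments below are constructed.

```python
import re


def mac_to_int(mac):
    """Parse 00:11:22:33:44:55, 00-11-22-33-44-55 or 0011.2233.4455."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(digits, 16)


def int_to_mac(value):
    raw = f"{value:012X}"
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))


def attribute_dhcp_servers(discovered, authorized, customer_wan, max_offset=1):
    """Attribute unexpected DHCP servers to customers by MAC adjacency.

    discovered   -- MACs seen answering DHCP on the provider network
    authorized   -- MACs of the provider's own DHCP servers
    customer_wan -- {registered WAN MAC: customer comment}
    A server MAC within max_offset of a registered WAN MAC is reported as
    that customer's router, probably connected by its LAN side.
    """
    ours = {mac_to_int(m) for m in authorized}
    wan_table = {mac_to_int(m): name for m, name in customer_wan.items()}
    # Try offset 0 first (the registered device itself), then -1, +1, ...
    deltas = sorted(range(-max_offset, max_offset + 1), key=abs)
    report, seen = [], set()
    for mac in discovered:
        server = mac_to_int(mac)
        if server in ours or server in seen:
            continue  # our own server, or already reported
        seen.add(server)
        entry = {"server": int_to_mac(server), "customer": None,
                 "wan_mac": None, "offset": None}
        for delta in deltas:
            wan = server - delta  # offset = server MAC minus WAN MAC
            # Integer arithmetic handles the carry (..:53:FF -> ..:54:00).
            # Requiring the same 24-bit vendor prefix avoids pairing two
            # unrelated devices that happen to be numerically adjacent.
            if wan in wan_table and wan >> 24 == server >> 24:
                entry.update(customer=wan_table[wan],
                             wan_mac=int_to_mac(wan), offset=delta)
                break  # first (closest) match wins
        report.append(entry)
    return report


# Constructed sample data.
CUSTOMER_WAN = {
    "00:00:5E:00:53:10": "smith, bob",
    "00:00:5E:00:53:40": "smith, bob - bridge",
    "00:00:5E:00:53:FF": "jones, amy",
}
AUTHORIZED = ["00:00:5E:00:53:01"]
DISCOVERED = [
    "00:00:5E:00:53:01",  # the provider's own server
    "00-00-5e-00-53-11",  # WAN + 1
    "0000.5e00.5400",     # WAN + 1 with a carry into the next byte
    "00:00:5E:00:53:80",  # no registered neighbour
    "00:00:5E:00:53:11",  # same server seen again
]

if __name__ == "__main__":
    for row in attribute_dhcp_servers(DISCOVERED, AUTHORIZED, CUSTOMER_WAN):
        print(row)
```

A server that matches nobody still appears in the report with `customer` set to `None`, so an unknown DHCP server is not silently dropped.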
Re: [WISPA] Cool ideas for RouterOS....
Scott Reed wrote: A little extension on one of these, WinBox sort on any field by clicking the header. Somewhat standard Windows operation. WinBox for Linux. I have run Winbox on WINE in Linux or in WINE on Linux. Whatever. Need a better way to clone CPEs. If I am building 15 CPEs today, I would like to be able to plug it in, push a configuration to it and have it ready to deploy. Even better would be to have the IP address auto increment as it loads. Going farther, read the configuration parameters out of a MySQL database, build the configuration and push it to the RB. Yeah, nice idea. Kind of like a IEAK for RouterOS. (Internet Explorer Administration Kit allows for ISP or Corporate browser customization for Internet Explorer deployment). It would almost have to be an offline/offsite configuration building/editing utility to do all of that. Pete Davis wrote: I like those, and would like to probably implement them myself. Here are some of my ideas/wishlist. I would like to see the script equivalent of DenyHosts. [see http://denyhosts.sourceforge.net] whereas if password authentication fails (telnet, ssh, ftp) from the same outside IP 5 (or so) times in a row, that IP gets dynamically added to the "blacklist" address list, and all data to/from is denied for 12 hrs (or so). My logs are usually full of failed ssh/ftp logins from (virusinfected?) zombie PCs trying brute force dictionary login attempts. Permanently blacklisting them seems like a waste of resources/disk space. If I could get notified of any IP who sends smtp (TCP/25) traffic to more than 5 different destinations/hr(min?) that could be a good script. Some of my business clients host their own email server, so that's okay, but most clients only need to send to my SMTP server. Automatically blocking port25 for certain users who violate this (due to a virus) would be good also. I guess this is similar to your #1 and #2 ideas. 
A script I think would be neat, but don't have the time to implement it now, if a 2-radio routerboard/wrap/whatever could be mounted in the van with an omni antenna on the roof (or bumper) connected to the "client" radio, and automatically associate to the nearest non-secure (or secure if it has "our client" WEP key) AP (with a SSID other than "THENODIALVAN"), then nat/rebroadcast on a weaker AP (with a duckie antenna), with the SSID of "THENODIALVAN" then it would be kind of the "ultimate" war driving vehicle. Another script to VPN tunnel into the office on demand so the techs could get/file paperwork from their laptops. Wire in a Lingo/Vonage/whatever VOIP phone, and cell phone bills to/from the technicians could drop considerably. Please don't respond to this one telling me how the cops are gonna take away my freedoms for connecting to an insecure home wireless network. I know its wrong to "steal" bandwidth, and I don't want a new 100 response opinion fest. Please keep your "is too/is not" to yourself. I know that this idea is ethically questionable. Another reason why I won't be implementing it any time soon. Winbox feature wishlist: I would like to be able to sort my DHCP leases by the comment field. I would also, for that matter, be able to sort my DHCP leases by the IP address (like I could in 2.8). I like the 2.9 capability of assigning a dhcp lease to a specific pool, but then sorting by IP address now just seems to randomize the order. If I could sort by IP address, then have all of my bridge leases (172.16.x.x) together, all of my customer leases (64.123.x.x) together, that would be awesome. If I could sort by comment, then finding "smith, bob" then finding "smith, bob - bridge" to see if either/both have an active lease would be MUCH easier, and make life much better for my staff. Pete Davis NoDial.net Butch Evans wrote: I'd like to throw this out for the weekend. 
I want to gather some ideas for IMPLEMENTATIONS you'd like to see with existing RouterOS technology. I have a few that I can think of off the top of my head that I will try to get documented (some possibly for free - to be posted on my website). For example: 1. Automated virus detection - this application would need to be able to detect virus like activity (whatever that means) and automatically cause the offender - if they are on-net - to be disconnected except for the ability to visit http://housecall.antivirus.com and test to see if they have removed the virus(es) before allowing full access again. 2. Automatically build a list of valid SMTP servers based on servers that have been used to check email (I've done this one several times). This will prevent those viruses and spam trojans from getting your IP blacklisted if you NAT. 3. Queue mechanism that implements an automated fair access policy (similar to what some of the satellite companies do) - I have done something SIMILAR to this, but implementing this properly will take a bit more work. O
Re: [WISPA] Cool ideas for RouterOS....
A little extension on one of these, WinBox sort on any field by clicking the header. Somewhat standard Windows operation. WinBox for Linux. Need a better way to clone CPEs. If I am building 15 CPEs today, I would like to be able to plug it in, push a configuration to it and have it ready to deploy. Even better would be to have the IP address auto increment as it loads. Going farther, read the configuration parameters out of a MySQL database, build the configuration and push it to the RB. Pete Davis wrote: I like those, and would like to probably implement them myself. Here are some of my ideas/wishlist. I would like to see the script equivalent of DenyHosts. [see http://denyhosts.sourceforge.net] whereas if password authentication fails (telnet, ssh, ftp) from the same outside IP 5 (or so) times in a row, that IP gets dynamically added to the "blacklist" address list, and all data to/from is denied for 12 hrs (or so). My logs are usually full of failed ssh/ftp logins from (virusinfected?) zombie PCs trying brute force dictionary login attempts. Permanently blacklisting them seems like a waste of resources/disk space. If I could get notified of any IP who sends smtp (TCP/25) traffic to more than 5 different destinations/hr(min?) that could be a good script. Some of my business clients host their own email server, so that's okay, but most clients only need to send to my SMTP server. Automatically blocking port25 for certain users who violate this (due to a virus) would be good also. I guess this is similar to your #1 and #2 ideas. 
A script I think would be neat, but don't have the time to implement it now, if a 2-radio routerboard/wrap/whatever could be mounted in the van with an omni antenna on the roof (or bumper) connected to the "client" radio, and automatically associate to the nearest non-secure (or secure if it has "our client" WEP key) AP (with a SSID other than "THENODIALVAN"), then nat/rebroadcast on a weaker AP (with a duckie antenna), with the SSID of "THENODIALVAN" then it would be kind of the "ultimate" war driving vehicle. Another script to VPN tunnel into the office on demand so the techs could get/file paperwork from their laptops. Wire in a Lingo/Vonage/whatever VOIP phone, and cell phone bills to/from the technicians could drop considerably. Please don't respond to this one telling me how the cops are gonna take away my freedoms for connecting to an insecure home wireless network. I know its wrong to "steal" bandwidth, and I don't want a new 100 response opinion fest. Please keep your "is too/is not" to yourself. I know that this idea is ethically questionable. Another reason why I won't be implementing it any time soon. Winbox feature wishlist: I would like to be able to sort my DHCP leases by the comment field. I would also, for that matter, be able to sort my DHCP leases by the IP address (like I could in 2.8). I like the 2.9 capability of assigning a dhcp lease to a specific pool, but then sorting by IP address now just seems to randomize the order. If I could sort by IP address, then have all of my bridge leases (172.16.x.x) together, all of my customer leases (64.123.x.x) together, that would be awesome. If I could sort by comment, then finding "smith, bob" then finding "smith, bob - bridge" to see if either/both have an active lease would be MUCH easier, and make life much better for my staff. Pete Davis NoDial.net Butch Evans wrote: I'd like to throw this out for the weekend. 
I want to gather some ideas for IMPLEMENTATIONS you'd like to see with existing RouterOS technology. I have a few that I can think of off the top of my head that I will try to get documented (some possibly for free - to be posted on my website). For example: 1. Automated virus detection - this application would need to be able to detect virus like activity (whatever that means) and automatically cause the offender - if they are on-net - to be disconnected except for the ability to visit http://housecall.antivirus.com and test to see if they have removed the virus(es) before allowing full access again. 2. Automatically build a list of valid SMTP servers based on servers that have been used to check email (I've done this one several times). This will prevent those viruses and spam trojans from getting your IP blacklisted if you NAT. 3. Queue mechanism that implements an automated fair access policy (similar to what some of the satellite companies do) - I have done something SIMILAR to this, but implementing this properly will take a bit more work. OK...So I've got you started...now step forth with your ideas (either implemented already or just a "wish-list") and let's come up with some really cool stuff! While we're at it, you can let me know what you think of the above ideas...are they worth the effort? -- Scott Reed Owner NewWays Wireless Networking Network Design, Installation and Administration www.nwwnet.
Re: [WISPA] Cool ideas for RouterOS....
I like those, and would like to probably implement them myself. Here are some of my ideas/wishlist. I would like to see the script equivalent of DenyHosts. [see http://denyhosts.sourceforge.net] whereas if password authentication fails (telnet, ssh, ftp) from the same outside IP 5 (or so) times in a row, that IP gets dynamically added to the "blacklist" address list, and all data to/from is denied for 12 hrs (or so). My logs are usually full of failed ssh/ftp logins from (virusinfected?) zombie PCs trying brute force dictionary login attempts. Permanently blacklisting them seems like a waste of resources/disk space. If I could get notified of any IP who sends smtp (TCP/25) traffic to more than 5 different destinations/hr(min?) that could be a good script. Some of my business clients host their own email server, so that's okay, but most clients only need to send to my SMTP server. Automatically blocking port25 for certain users who violate this (due to a virus) would be good also. I guess this is similar to your #1 and #2 ideas. A script I think would be neat, but don't have the time to implement it now, if a 2-radio routerboard/wrap/whatever could be mounted in the van with an omni antenna on the roof (or bumper) connected to the "client" radio, and automatically associate to the nearest non-secure (or secure if it has "our client" WEP key) AP (with a SSID other than "THENODIALVAN"), then nat/rebroadcast on a weaker AP (with a duckie antenna), with the SSID of "THENODIALVAN" then it would be kind of the "ultimate" war driving vehicle. Another script to VPN tunnel into the office on demand so the techs could get/file paperwork from their laptops. Wire in a Lingo/Vonage/whatever VOIP phone, and cell phone bills to/from the technicians could drop considerably. Please don't respond to this one telling me how the cops are gonna take away my freedoms for connecting to an insecure home wireless network. 
I know its wrong to "steal" bandwidth, and I don't want a new 100 response opinion fest. Please keep your "is too/is not" to yourself. I know that this idea is ethically questionable. Another reason why I won't be implementing it any time soon. Winbox feature wishlist: I would like to be able to sort my DHCP leases by the comment field. I would also, for that matter, be able to sort my DHCP leases by the IP address (like I could in 2.8). I like the 2.9 capability of assigning a dhcp lease to a specific pool, but then sorting by IP address now just seems to randomize the order. If I could sort by IP address, then have all of my bridge leases (172.16.x.x) together, all of my customer leases (64.123.x.x) together, that would be awesome. If I could sort by comment, then finding "smith, bob" then finding "smith, bob - bridge" to see if either/both have an active lease would be MUCH easier, and make life much better for my staff. Pete Davis NoDial.net Butch Evans wrote: I'd like to throw this out for the weekend. I want to gather some ideas for IMPLEMENTATIONS you'd like to see with existing RouterOS technology. I have a few that I can think of off the top of my head that I will try to get documented (some possibly for free - to be posted on my website). For example: 1. Automated virus detection - this application would need to be able to detect virus like activity (whatever that means) and automatically cause the offender - if they are on-net - to be disconnected except for the ability to visit http://housecall.antivirus.com and test to see if they have removed the virus(es) before allowing full access again. 2. Automatically build a list of valid SMTP servers based on servers that have been used to check email (I've done this one several times). This will prevent those viruses and spam trojans from getting your IP blacklisted if you NAT. 3. 
Queue mechanism that implements an automated fair access policy (similar to what some of the satellite companies do) - I have done something SIMILAR to this, but implementing this properly will take a bit more work. OK...So I've got you started...now step forth with your ideas (either implemented already or just a "wish-list") and let's come up with some really cool stuff! While we're at it, you can let me know what you think of the above ideas...are they worth the effort? -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
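Pete's SMTP notification idea from the message above (flag any IP that sends TCP/25 traffic to more than 5 different destinations per hour, leave alone business clients that run their own mail server, and do not count the ISP's own SMTP server), as an added example that is not code from the thread. The flow record layout, the class and function names and every address are assumptions; the sample flows are constructed.

```python
from datetime import datetime, timedelta

SMTP_PORT = 25
OWN_SMTP = {"10.0.0.25"}           # the ISP's SMTP server (constructed)
EXEMPT_SOURCES = {"10.10.0.50"}    # business client with a mail server


class SmtpFanoutMonitor:
    """Flag sources that reach too many distinct SMTP destinations."""

    def __init__(self, own_smtp, exempt_sources=(), max_destinations=5,
                 window=timedelta(hours=1)):
        self.own_smtp = set(own_smtp)
        self.exempt = set(exempt_sources)
        self.max_destinations = max_destinations
        self.window = window
        self.recent = {}    # src -> {dst: time last seen}
        self.flagged = {}   # src -> time flagged (candidates for a port 25 block)

    def observe(self, ts, src, dst, dport):
        """Feed one new connection; return an alert dict or None."""
        if dport != SMTP_PORT or src in self.exempt or dst in self.own_smtp:
            return None
        dsts = self.recent.setdefault(src, {})
        dsts[dst] = ts
        # Sliding window: forget destinations not contacted within the
        # last hour, so a slow legitimate sender never accumulates.
        cutoff = ts - self.window
        for old in [d for d, seen in dsts.items() if seen <= cutoff]:
            del dsts[old]
        if len(dsts) > self.max_destinations and src not in self.flagged:
            self.flagged[src] = ts  # alert once per source
            return {"src": src, "time": ts, "destinations": sorted(dsts)}
        return None


def sample_flows():
    """Constructed (time, src, dst, dst_port) records for four customers."""
    t0 = datetime(2006, 12, 30, 9, 0, 0)
    flows = []
    for i in range(6):   # infected PC: 6 mail servers in 6 minutes
        flows.append((t0 + timedelta(minutes=i), "10.10.0.23",
                      f"192.0.2.{10 + i}", 25))
    for i in range(8):   # exempt business client: 8 mail servers
        flows.append((t0 + timedelta(minutes=i), "10.10.0.50",
                      f"198.51.100.{10 + i}", 25))
    for i in range(20):  # normal customer: only the ISP's SMTP server
        flows.append((t0 + timedelta(minutes=i), "10.10.0.31",
                      "10.0.0.25", 25))
    flows.append((t0, "10.10.0.31", "203.0.113.80", 80))  # web, ignored
    for i in range(6):   # slow sender: one new destination per 30 minutes
        flows.append((t0 + timedelta(minutes=30 * i), "10.10.0.77",
                      f"203.0.113.{10 + i}", 25))
    return sorted(flows)


def replay(flows, monitor):
    """Return the alerts produced by feeding flows in time order."""
    return [a for a in (monitor.observe(*f) for f in flows) if a]


if __name__ == "__main__":
    mon = SmtpFanoutMonitor(OWN_SMTP, EXEMPT_SOURCES)
    for alert in replay(sample_flows(), mon):
        print(alert["time"], alert["src"], "->", len(alert["destinations"]),
              "SMTP destinations in the last hour")
```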