Re: [WISPA] Cool ideas for RouterOS....

2006-12-30 Thread Pete Davis
I like those, and would like to probably implement them myself. Here are 
some of my ideas/wishlist.


I would like to see the script equivalent of DenyHosts.  [see 
http://denyhosts.sourceforge.net] whereas if password authentication 
fails (telnet, ssh, ftp) from the same outside IP 5 (or so) times in a 
row, that IP gets dynamically added to the blacklist address list, and 
all data to/from is denied for 12 hrs (or so). My logs are usually full 
of failed ssh/ftp logins from (virusinfected?) zombie PCs trying brute 
force dictionary login attempts. Permanently blacklisting them seems 
like a waste of resources/disk space.


If I could get notified of any IP who sends smtp (TCP/25) traffic to 
more than 5 different destinations/hr(min?) that could be a good script. 
Some of my business clients host their own email server, so that's okay, 
but most clients only need to send to my SMTP server. Automatically 
blocking port25 for certain users who violate this (due to a virus) 
would be good also. I guess this is similar to your #1 and #2 ideas.


A script I think would be neat, but don't have the time to implement it 
now, if a 2-radio routerboard/wrap/whatever could be mounted in the van 
with an omni antenna on the roof (or bumper) connected to the client 
radio, and automatically associate to the nearest non-secure (or secure 
if it has our client WEP key) AP (with a SSID other than 
THENODIALVAN), then nat/rebroadcast on a weaker AP (with a duckie 
antenna), with the SSID of THENODIALVAN then it would be kind of the 
ultimate war driving vehicle. Another script to VPN tunnel into the 
office on demand so the techs could get/file paperwork from their 
laptops.  Wire in a Lingo/Vonage/whatever VOIP phone, and cell phone 
bills to/from the technicians could drop considerably.
Please don't respond to this one telling me how the cops are gonna take 
away my freedoms for connecting to an insecure home wireless network. I 
know its wrong to steal bandwidth, and I don't want a new 100 response 
opinion fest. Please keep your is too/is not to yourself. I know that 
this idea is ethically questionable. Another reason why I won't be 
implementing it any time soon.


Winbox feature wishlist:
I would like to be able to sort my DHCP leases by the comment field.

I would also, for that matter, be able to sort my DHCP leases by the IP 
address (like I could in 2.8). I like the 2.9 capability of assigning a 
dhcp lease to a specific pool, but then sorting by IP address now just 
seems to randomize the order.


If I could sort by IP address, then have all of my bridge leases 
(172.16.x.x) together, all of my customer leases (64.123.x.x) together, 
that would be awesome.
If I could sort by comment, then finding smith, bob then finding 
smith, bob - bridge to see if either/both have an active lease would 
be MUCH easier, and make life much better for my staff.


Pete Davis
NoDial.net

Butch Evans wrote:
I'd like to throw this out for the weekend.  I want to gather some 
ideas for IMPLEMENTATIONS you'd like to see with existing RouterOS 
technology.  I have a few that I can think of off the top of my head 
that I will try to get documented (some possibly for free - to be 
posted on my website).  For example:


1. Automated virus detection - this application would need to be able 
to detect virus like activity (whatever that means) and automatically 
cause the offender - if they are on-net - to be disconnected except 
for the ability to visit http://housecall.antivirus.com and test to 
see if they have removed the virus(es) before allowing full access again.


2. Automatically build a list of valid SMTP servers based on servers 
that have been used to check email (I've done this one several 
times).  This will prevent those viruses and spam trojans from getting 
your IP blacklisted if you NAT.


3. Queue mechanism that implements an automated fair access policy 
(similar to what some of the satellite companies do) - I have done 
something SIMILAR to this, but implementing this properly will take a 
bit more work.


OK...So I've got you started...now step forth with your ideas (either 
implemented already or just a wish-list) and let's come up with some 
really cool stuff!  While we're at it, you can let me know what you 
think of the above ideas...are they worth the effort?




--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Cool ideas for RouterOS....

2006-12-30 Thread Scott Reed
A little extension on one of these, WinBox sort on any field by clicking 
the header.  Somewhat standard Windows operation.


WinBox for Linux.

Need a better way to clone CPEs.  If I am building 15 CPEs today, I 
would like to be able to plug it in, push a configuration to it and have 
it ready to deploy.  Even better would be to have the IP address auto 
increment as it loads.  Going farther, read the configuration parameters 
out of a MySQL database, build the configuration and push it to the RB.



Pete Davis wrote:
I like those, and would like to probably implement them myself. Here 
are some of my ideas/wishlist.


I would like to see the script equivalent of DenyHosts.  [see 
http://denyhosts.sourceforge.net] whereas if password authentication 
fails (telnet, ssh, ftp) from the same outside IP 5 (or so) times in a 
row, that IP gets dynamically added to the blacklist address list, 
and all data to/from is denied for 12 hrs (or so). My logs are usually 
full of failed ssh/ftp logins from (virusinfected?) zombie PCs trying 
brute force dictionary login attempts. Permanently blacklisting them 
seems like a waste of resources/disk space.


If I could get notified of any IP who sends smtp (TCP/25) traffic to 
more than 5 different destinations/hr(min?) that could be a good 
script. Some of my business clients host their own email server, so 
that's okay, but most clients only need to send to my SMTP server. 
Automatically blocking port25 for certain users who violate this (due 
to a virus) would be good also. I guess this is similar to your #1 and 
#2 ideas.


A script I think would be neat, but don't have the time to implement 
it now, if a 2-radio routerboard/wrap/whatever could be mounted in the 
van with an omni antenna on the roof (or bumper) connected to the 
client radio, and automatically associate to the nearest non-secure 
(or secure if it has our client WEP key) AP (with a SSID other than 
THENODIALVAN), then nat/rebroadcast on a weaker AP (with a duckie 
antenna), with the SSID of THENODIALVAN then it would be kind of the 
ultimate war driving vehicle. Another script to VPN tunnel into the 
office on demand so the techs could get/file paperwork from their 
laptops.  Wire in a Lingo/Vonage/whatever VOIP phone, and cell phone 
bills to/from the technicians could drop considerably.
Please don't respond to this one telling me how the cops are gonna 
take away my freedoms for connecting to an insecure home wireless 
network. I know its wrong to steal bandwidth, and I don't want a new 
100 response opinion fest. Please keep your is too/is not to 
yourself. I know that this idea is ethically questionable. Another 
reason why I won't be implementing it any time soon.


Winbox feature wishlist:
I would like to be able to sort my DHCP leases by the comment field.

I would also, for that matter, be able to sort my DHCP leases by the 
IP address (like I could in 2.8). I like the 2.9 capability of 
assigning a dhcp lease to a specific pool, but then sorting by IP 
address now just seems to randomize the order.


If I could sort by IP address, then have all of my bridge leases 
(172.16.x.x) together, all of my customer leases (64.123.x.x) 
together, that would be awesome.
If I could sort by comment, then finding smith, bob then finding 
smith, bob - bridge to see if either/both have an active lease would 
be MUCH easier, and make life much better for my staff.


Pete Davis
NoDial.net

Butch Evans wrote:
I'd like to throw this out for the weekend.  I want to gather some 
ideas for IMPLEMENTATIONS you'd like to see with existing RouterOS 
technology.  I have a few that I can think of off the top of my head 
that I will try to get documented (some possibly for free - to be 
posted on my website).  For example:


1. Automated virus detection - this application would need to be able 
to detect virus like activity (whatever that means) and automatically 
cause the offender - if they are on-net - to be disconnected except 
for the ability to visit http://housecall.antivirus.com and test to 
see if they have removed the virus(es) before allowing full access 
again.


2. Automatically build a list of valid SMTP servers based on servers 
that have been used to check email (I've done this one several 
times).  This will prevent those viruses and spam trojans from 
getting your IP blacklisted if you NAT.


3. Queue mechanism that implements an automated fair access policy 
(similar to what some of the satellite companies do) - I have done 
something SIMILAR to this, but implementing this properly will take a 
bit more work.


OK...So I've got you started...now step forth with your ideas (either 
implemented already or just a wish-list) and let's come up with 
some really cool stuff!  While we're at it, you can let me know what 
you think of the above ideas...are they worth the effort?






--
Scott Reed
Owner
NewWays
Wireless Networking
Network Design, Installation and Administration
www.nwwnet.net

--
WISPA 

Re: [WISPA] Cool ideas for RouterOS....

2006-12-30 Thread Pete Davis

Scott Reed wrote:
A little extension on one of these, WinBox sort on any field by clicking 
the header.  Somewhat standard Windows operation.


WinBox for Linux.


I have run Winbox on WINE in Linux or in WINE on Linux. Whatever.



Need a better way to clone CPEs.  If I am building 15 CPEs today, I 
would like to be able to plug it in, push a configuration to it and have 
it ready to deploy.  Even better would be to have the IP address auto 
increment as it loads.  Going farther, read the configuration parameters 
out of a MySQL database, build the configuration and push it to the RB.


Yeah, nice idea. Kind of like a IEAK for RouterOS. (Internet Explorer 
Administration Kit allows for ISP or Corporate browser customization for 
 Internet Explorer deployment). It would almost have to be an 
offline/offsite configuration building/editing utility to do all of that.




Pete Davis wrote:
I like those, and would like to probably implement them myself. Here 
are some of my ideas/wishlist.


I would like to see the script equivalent of DenyHosts.  [see 
http://denyhosts.sourceforge.net] whereas if password authentication 
fails (telnet, ssh, ftp) from the same outside IP 5 (or so) times in a 
row, that IP gets dynamically added to the blacklist address list, 
and all data to/from is denied for 12 hrs (or so). My logs are usually 
full of failed ssh/ftp logins from (virusinfected?) zombie PCs trying 
brute force dictionary login attempts. Permanently blacklisting them 
seems like a waste of resources/disk space.


If I could get notified of any IP who sends smtp (TCP/25) traffic to 
more than 5 different destinations/hr(min?) that could be a good 
script. Some of my business clients host their own email server, so 
that's okay, but most clients only need to send to my SMTP server. 
Automatically blocking port25 for certain users who violate this (due 
to a virus) would be good also. I guess this is similar to your #1 and 
#2 ideas.


A script I think would be neat, but don't have the time to implement 
it now, if a 2-radio routerboard/wrap/whatever could be mounted in the 
van with an omni antenna on the roof (or bumper) connected to the 
client radio, and automatically associate to the nearest non-secure 
(or secure if it has our client WEP key) AP (with a SSID other than 
THENODIALVAN), then nat/rebroadcast on a weaker AP (with a duckie 
antenna), with the SSID of THENODIALVAN then it would be kind of the 
ultimate war driving vehicle. Another script to VPN tunnel into the 
office on demand so the techs could get/file paperwork from their 
laptops.  Wire in a Lingo/Vonage/whatever VOIP phone, and cell phone 
bills to/from the technicians could drop considerably.
Please don't respond to this one telling me how the cops are gonna 
take away my freedoms for connecting to an insecure home wireless 
network. I know its wrong to steal bandwidth, and I don't want a new 
100 response opinion fest. Please keep your is too/is not to 
yourself. I know that this idea is ethically questionable. Another 
reason why I won't be implementing it any time soon.


Winbox feature wishlist:
I would like to be able to sort my DHCP leases by the comment field.

I would also, for that matter, be able to sort my DHCP leases by the 
IP address (like I could in 2.8). I like the 2.9 capability of 
assigning a dhcp lease to a specific pool, but then sorting by IP 
address now just seems to randomize the order.


If I could sort by IP address, then have all of my bridge leases 
(172.16.x.x) together, all of my customer leases (64.123.x.x) 
together, that would be awesome.
If I could sort by comment, then finding smith, bob then finding 
smith, bob - bridge to see if either/both have an active lease would 
be MUCH easier, and make life much better for my staff.


Pete Davis
NoDial.net

Butch Evans wrote:
I'd like to throw this out for the weekend.  I want to gather some 
ideas for IMPLEMENTATIONS you'd like to see with existing RouterOS 
technology.  I have a few that I can think of off the top of my head 
that I will try to get documented (some possibly for free - to be 
posted on my website).  For example:


1. Automated virus detection - this application would need to be able 
to detect virus like activity (whatever that means) and automatically 
cause the offender - if they are on-net - to be disconnected except 
for the ability to visit http://housecall.antivirus.com and test to 
see if they have removed the virus(es) before allowing full access 
again.


2. Automatically build a list of valid SMTP servers based on servers 
that have been used to check email (I've done this one several 
times).  This will prevent those viruses and spam trojans from 
getting your IP blacklisted if you NAT.


3. Queue mechanism that implements an automated fair access policy 
(similar to what some of the satellite companies do) - I have done 
something SIMILAR to this, but implementing this properly will take a 
bit more work.


OK...So I've got you 

Re: [WISPA] Cool ideas for RouterOS....

2006-12-30 Thread Mark Nash - Lists
Keep a list of 'discovered' DHCP servers and their mac addresses in a table. 
Usually, the LAN mac address of the consumer routers is one off from the WAN 
mac address, so we should be able to quickly identify who has plugged their 
router in backwards.


Mark Nash
Network Engineer
UnwiredOnline.Net
350 Holly Street
Junction City, OR 97448
http://www.uwol.net
541-998-
541-998-5599 fax
- Original Message - 
From: Butch Evans [EMAIL PROTECTED]

To: Wispa List wireless@wispa.org
Sent: Friday, December 29, 2006 11:47 PM
Subject: [WISPA] Cool ideas for RouterOS


I'd like to throw this out for the weekend.  I want to gather some ideas 
for IMPLEMENTATIONS you'd like to see with existing RouterOS technology. 
I have a few that I can think of off the top of my head that I will try to 
get documented (some possibly for free - to be posted on my website).  For 
example:


1. Automated virus detection - this application would need to be able to 
detect virus like activity (whatever that means) and automatically cause 
the offender - if they are on-net - to be disconnected except for the 
ability to visit http://housecall.antivirus.com and test to see if they 
have removed the virus(es) before allowing full access again.


2. Automatically build a list of valid SMTP servers based on servers that 
have been used to check email (I've done this one several times).  This 
will prevent those viruses and spam trojans from getting your IP 
blacklisted if you NAT.


3. Queue mechanism that implements an automated fair access policy 
(similar to what some of the satellite companies do) - I have done 
something SIMILAR to this, but implementing this properly will take a bit 
more work.


OK...So I've got you started...now step forth with your ideas (either 
implemented already or just a wish-list) and let's come up with some 
really cool stuff!  While we're at it, you can let me know what you think 
of the above ideas...are they worth the effort?


--
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
My calendar: http://tinyurl.com/y24ad6
Training Partners: http://tinyurl.com/smfkf
Mikrotik Certified Consultant
(http://www.mikrotik.com/consultants.html)
--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/





--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Cool ideas for RouterOS....

2006-12-30 Thread Mark Nash - Lists
How about the ability to place a customer name in the ACL for non-RouterOS 
CPEs?


Mark Nash
Network Engineer
UnwiredOnline.Net
350 Holly Street
Junction City, OR 97448
http://www.uwol.net
541-998-
541-998-5599 fax
- Original Message - 
From: Butch Evans [EMAIL PROTECTED]

To: Wispa List wireless@wispa.org
Sent: Friday, December 29, 2006 11:47 PM
Subject: [WISPA] Cool ideas for RouterOS


I'd like to throw this out for the weekend.  I want to gather some ideas 
for IMPLEMENTATIONS you'd like to see with existing RouterOS technology. 
I have a few that I can think of off the top of my head that I will try to 
get documented (some possibly for free - to be posted on my website).  For 
example:


1. Automated virus detection - this application would need to be able to 
detect virus like activity (whatever that means) and automatically cause 
the offender - if they are on-net - to be disconnected except for the 
ability to visit http://housecall.antivirus.com and test to see if they 
have removed the virus(es) before allowing full access again.


2. Automatically build a list of valid SMTP servers based on servers that 
have been used to check email (I've done this one several times).  This 
will prevent those viruses and spam trojans from getting your IP 
blacklisted if you NAT.


3. Queue mechanism that implements an automated fair access policy 
(similar to what some of the satellite companies do) - I have done 
something SIMILAR to this, but implementing this properly will take a bit 
more work.


OK...So I've got you started...now step forth with your ideas (either 
implemented already or just a wish-list) and let's come up with some 
really cool stuff!  While we're at it, you can let me know what you think 
of the above ideas...are they worth the effort?


--
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
My calendar: http://tinyurl.com/y24ad6
Training Partners: http://tinyurl.com/smfkf
Mikrotik Certified Consultant
(http://www.mikrotik.com/consultants.html)
--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/





--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Cool ideas for RouterOS....

2006-12-30 Thread Butch Evans

On Sat, 30 Dec 2006, Mark Nash - Lists wrote:

How about the ability to place a customer name in the ACL for 
non-RouterOS CPEs?


Like this?
/ interface wireless access-list
add mac-address=00:11:F5:62:4E:F6 interface=wirelesshotspot \
authentication=yes forwarding=no \
comment=Butch Toshiba Laptop disabled=no

This comment shows up on the registration table, too.  Anything 
beyond this is not something that the MT can do (or will do).


--
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
My calendar: http://tinyurl.com/y24ad6
Training Partners: http://tinyurl.com/smfkf
Mikrotik Certified Consultant
http://www.mikrotik.com/consultants.html
--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Cool ideas for RouterOS....

2006-12-30 Thread Mark Nash - Lists

This puts an extra line on the list for each customer, right?

Mark Nash
Network Engineer
UnwiredOnline.Net
350 Holly Street
Junction City, OR 97448
http://www.uwol.net
541-998-
541-998-5599 fax
- Original Message - 
From: Butch Evans [EMAIL PROTECTED]

To: WISPA General List wireless@wispa.org
Sent: Saturday, December 30, 2006 2:11 PM
Subject: Re: [WISPA] Cool ideas for RouterOS



On Sat, 30 Dec 2006, Mark Nash - Lists wrote:

How about the ability to place a customer name in the ACL for 
non-RouterOS CPEs?


Like this?
/ interface wireless access-list
add mac-address=00:11:F5:62:4E:F6 interface=wirelesshotspot \
authentication=yes forwarding=no \
comment=Butch Toshiba Laptop disabled=no

This comment shows up on the registration table, too.  Anything 
beyond this is not something that the MT can do (or will do).


--
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
My calendar: http://tinyurl.com/y24ad6
Training Partners: http://tinyurl.com/smfkf
Mikrotik Certified Consultant
http://www.mikrotik.com/consultants.html
--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/




--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Cool ideas for RouterOS....

2006-12-30 Thread Butch Evans

On Sat, 30 Dec 2006, Mark Nash - Lists wrote:


This puts an extra line on the list for each customer, right?


Yes.  In the registration table, you can't add comments.  If a 
customer radio is in the access-list with a comment, that comment is 
added to the entry above their registration.


--
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
My calendar: http://tinyurl.com/y24ad6
Training Partners: http://tinyurl.com/smfkf
Mikrotik Certified Consultant
http://www.mikrotik.com/consultants.html
--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Cool ideas for RouterOS....

2006-12-30 Thread rabbtux rabbtux

Butch,

I really like your third application here.  I use PFsense for a
traffic shaper and am new to MT.  Can't figure out how to get queues
to change after a sub downloads X mb in a day.

On 12/29/06, Butch Evans [EMAIL PROTECTED] wrote:

I'd like to throw this out for the weekend.  I want to gather some ideas for
IMPLEMENTATIONS you'd like to see with existing RouterOS technology.  I have a
few that I can think of off the top of my head that I will try to get
documented (some possibly for free - to be posted on my website).  For example:

1. Automated virus detection - this application would need to be able to detect
virus like activity (whatever that means) and automatically cause the offender
- if they are on-net - to be disconnected except for the ability to visit
http://housecall.antivirus.com and test to see if they have removed the
virus(es) before allowing full access again.

2. Automatically build a list of valid SMTP servers based on servers that have
been used to check email (I've done this one several times).  This will prevent
those viruses and spam trojans from getting your IP blacklisted if you NAT.

3. Queue mechanism that implements an automated fair access policy (similar to
what some of the satellite companies do) - I have done something SIMILAR to
this, but implementing this properly will take a bit more work.

OK...So I've got you started...now step forth with your ideas (either
implemented already or just a wish-list) and let's come up with some really
cool stuff!  While we're at it, you can let me know what you think of the above
ideas...are they worth the effort?

--
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
My calendar: http://tinyurl.com/y24ad6
Training Partners: http://tinyurl.com/smfkf
Mikrotik Certified Consultant
(http://www.mikrotik.com/consultants.html)
--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


RE: [WISPA] Cool ideas for RouterOS....

2006-12-30 Thread CHUCK PROFITO
How about a splash page stored in the flash card for the hot spot.   And
maybe a bar inserted in web browsing to a specific customer ip.
Like a friendly reminder to call the credit department or Guido

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Pete Davis
Sent: Saturday, December 30, B2006 2:40 AM
To: WISPA General List
Cc: [EMAIL PROTECTED]
Subject: Re: [WISPA] Cool ideas for RouterOS


I like those, and would like to probably implement them myself. Here are 
some of my ideas/wishlist.

I would like to see the script equivalent of DenyHosts.  [see 
http://denyhosts.sourceforge.net] whereas if password authentication 
fails (telnet, ssh, ftp) from the same outside IP 5 (or so) times in a 
row, that IP gets dynamically added to the blacklist address list, and 
all data to/from is denied for 12 hrs (or so). My logs are usually full 
of failed ssh/ftp logins from (virusinfected?) zombie PCs trying brute 
force dictionary login attempts. Permanently blacklisting them seems 
like a waste of resources/disk space.

If I could get notified of any IP who sends smtp (TCP/25) traffic to 
more than 5 different destinations/hr(min?) that could be a good script. 
Some of my business clients host their own email server, so that's okay, 
but most clients only need to send to my SMTP server. Automatically 
blocking port25 for certain users who violate this (due to a virus) 
would be good also. I guess this is similar to your #1 and #2 ideas.

A script I think would be neat, but don't have the time to implement it 
now, if a 2-radio routerboard/wrap/whatever could be mounted in the van 
with an omni antenna on the roof (or bumper) connected to the client 
radio, and automatically associate to the nearest non-secure (or secure 
if it has our client WEP key) AP (with a SSID other than 
THENODIALVAN), then nat/rebroadcast on a weaker AP (with a duckie 
antenna), with the SSID of THENODIALVAN then it would be kind of the 
ultimate war driving vehicle. Another script to VPN tunnel into the 
office on demand so the techs could get/file paperwork from their 
laptops.  Wire in a Lingo/Vonage/whatever VOIP phone, and cell phone 
bills to/from the technicians could drop considerably.
Please don't respond to this one telling me how the cops are gonna take 
away my freedoms for connecting to an insecure home wireless network. I 
know its wrong to steal bandwidth, and I don't want a new 100 response 
opinion fest. Please keep your is too/is not to yourself. I know that 
this idea is ethically questionable. Another reason why I won't be 
implementing it any time soon.

Winbox feature wishlist:
I would like to be able to sort my DHCP leases by the comment field.

I would also, for that matter, be able to sort my DHCP leases by the IP 
address (like I could in 2.8). I like the 2.9 capability of assigning a 
dhcp lease to a specific pool, but then sorting by IP address now just 
seems to randomize the order.

If I could sort by IP address, then have all of my bridge leases 
(172.16.x.x) together, all of my customer leases (64.123.x.x) together, 
that would be awesome.
If I could sort by comment, then finding smith, bob then finding 
smith, bob - bridge to see if either/both have an active lease would 
be MUCH easier, and make life much better for my staff.

Pete Davis
NoDial.net

Butch Evans wrote:
 I'd like to throw this out for the weekend.  I want to gather some
 ideas for IMPLEMENTATIONS you'd like to see with existing RouterOS 
 technology.  I have a few that I can think of off the top of my head 
 that I will try to get documented (some possibly for free - to be 
 posted on my website).  For example:

 1. Automated virus detection - this application would need to be able
 to detect virus like activity (whatever that means) and automatically 
 cause the offender - if they are on-net - to be disconnected except 
 for the ability to visit http://housecall.antivirus.com and test to 
 see if they have removed the virus(es) before allowing full access again.

 2. Automatically build a list of valid SMTP servers based on servers
 that have been used to check email (I've done this one several 
 times).  This will prevent those viruses and spam trojans from getting 
 your IP blacklisted if you NAT.

 3. Queue mechanism that implements an automated fair access policy
 (similar to what some of the satellite companies do) - I have done 
 something SIMILAR to this, but implementing this properly will take a 
 bit more work.

 OK...So I've got you started...now step forth with your ideas (either
 implemented already or just a wish-list) and let's come up with some 
 really cool stuff!  While we're at it, you can let me know what you 
 think of the above ideas...are they worth the effort?


-- 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


-- 
WISPA Wireless List: wireless

Re: [WISPA] Cool ideas for RouterOS....

2006-12-30 Thread Butch Evans

On Sat, 30 Dec 2006, Pete Davis wrote:

I would like to see the script equivalent of DenyHosts.  [see 
http://denyhosts.sourceforge.net] whereas if password 
authentication fails (telnet, ssh, ftp) from the same outside IP 5 
(or so) times in a row, that IP gets dynamically added to the 
blacklist address list, and all data to/from is denied for 12 hrs 
(or so). My logs are usually full of failed ssh/ftp logins from 
(virusinfected?) zombie PCs trying brute force dictionary login 
attempts. Permanently blacklisting them seems like a waste of 
resources/disk space.


I am working on this idea currently.  I have an almost complete 
implementation of this already.  I expect that in the next 2 months, 
I will have a fully working version (for 2.8.x I am not sure how I 
will implement the firewall) for 2.9.x.


If I could get notified of any IP who sends smtp (TCP/25) traffic 
to more than 5 different destinations/hr(min?) that could be a good 
script. Some of my business clients host their own email server, so 
that's okay, but most clients only need to send to my SMTP server. 
Automatically blocking port25 for certain users who violate this 
(due to a virus) would be good also. I guess this is similar to 
your #1 and #2 ideas.


This is another good idea, but what I do now (as you mention) 
already does this more or less.  I may look at implementing some of 
these features.


A script I think would be neat, but don't have the time to 
implement it now, if a 2-radio routerboard/wrap/whatever could be 
mounted in the van with an omni antenna on the roof (or bumper) 
connected to the client radio, and automatically associate to the 
nearest non-secure (or secure if it has our client WEP key) AP 
(with a SSID other than THENODIALVAN), then nat/rebroadcast on a 
weaker AP (with a duckie antenna), with the SSID of THENODIALVAN 
then it would be kind of the ultimate war driving vehicle. 
Another script to VPN tunnel into the office on demand so the techs 
could get/file paperwork from their laptops.  Wire in a 
Lingo/Vonage/whatever VOIP phone, and cell phone bills to/from the 
technicians could drop considerably.


I've done almost exactly this once already.  Not the part that 
roams to APs not owned by the WISP, but the rest of it.


Winbox feature wishlist: I would like to be able to sort my DHCP 
leases by the comment field.


This will have to be sent to MT directly.  I would like to be able 
to sort other areas by comment as well.  Wireless Registration table 
is an example.


--
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
My calendar: http://tinyurl.com/y24ad6
Training Partners: http://tinyurl.com/smfkf
Mikrotik Certified Consultant
http://www.mikrotik.com/consultants.html
--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Cool Movie! Tower Demo...

2006-03-27 Thread Blair Davis

What a waste!

I could have used some of those!

Rick Smith wrote:



From another list...

http://www.youtube.com/watch?v=0ZWWTRmOM28feature=Recentpage=4t=tf=b



--
Blair Davis

AOL IM Screen Name --  Theory240

West Michigan Wireless ISP
269-686-8648

A division of:
Camp Communication Services, INC


--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Cool it

2005-09-28 Thread George

John Scrivner wrote:

Charles,
Enough! I don't care what you think you can do to harm your competitors 
but you are not doing it on this list server any longer. If you want to 
slam another show competitor do it offlist or on your own list server. 
We are not doing that here, Charles. This thread is 100% closed to 
on-list discussion. If you have a problem with that then contact me 
off-list or find a new list to play on.

Scriv



Yeah, it does not look well when you try to bait wispa to give P15 a 
kick in the nuts.


It's not like any of us are stupid.

I truly believe that most of the WISPA people appreciate P15 as well and 
we don't want to get into the middle of you guys.


We actually prefer to foster a good working relationship with both you 
and P15.


I personally believe you should work out your differences with them, 
it'll be better for both of you.


Sincerely
George
--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/