I like those, and would like to probably implement them myself. Here are
some of my ideas/wishlist.
I would like to see the script equivalent of DenyHosts. [see
http://denyhosts.sourceforge.net] whereas if password authentication
fails (telnet, ssh, ftp) from the same outside IP 5 (or so) times in a
row, that IP gets dynamically added to the "blacklist" address list, and
all data to/from is denied for 12 hrs (or so). My logs are usually full
of failed ssh/ftp logins from (virus-infected?) zombie PCs trying brute
force dictionary login attempts. Permanently blacklisting them seems
like a waste of resources/disk space.
If I could get notified of any IP who sends smtp (TCP/25) traffic to
more than 5 different destinations/hr(min?) that could be a good script.
Some of my business clients host their own email server, so that's okay,
but most clients only need to send to my SMTP server. Automatically
blocking port 25 for certain users who violate this (due to a virus)
would be good also. I guess this is similar to your #1 and #2 ideas.
A script I think would be neat, but don't have the time to implement it
now, if a 2-radio routerboard/wrap/whatever could be mounted in the van
with an omni antenna on the roof (or bumper) connected to the "client"
radio, and automatically associate to the nearest non-secure (or secure
if it has "our client" WEP key) AP (with an SSID other than
"THENODIALVAN"), then nat/rebroadcast on a weaker AP (with a duckie
antenna), with the SSID of "THENODIALVAN" then it would be kind of the
"ultimate" war driving vehicle. Another script to VPN tunnel into the
office on demand so the techs could get/file paperwork from their
laptops. Wire in a Lingo/Vonage/whatever VOIP phone, and cell phone
bills to/from the technicians could drop considerably.
Please don't respond to this one telling me how the cops are gonna take
away my freedoms for connecting to an insecure home wireless network. I
know it's wrong to "steal" bandwidth, and I don't want a new 100 response
opinion fest. Please keep your "is too/is not" to yourself. I know that
this idea is ethically questionable. Another reason why I won't be
implementing it any time soon.
Winbox feature wishlist:
I would like to be able to sort my DHCP leases by the comment field.
I would also, for that matter, like to be able to sort my DHCP leases by the IP
address (like I could in 2.8). I like the 2.9 capability of assigning a
dhcp lease to a specific pool, but then sorting by IP address now just
seems to randomize the order.
If I could sort by IP address, then have all of my bridge leases
(172.16.x.x) together, all of my customer leases (64.123.x.x) together,
that would be awesome.
If I could sort by comment, then finding "smith, bob" then finding
"smith, bob - bridge" to see if either/both have an active lease would
be MUCH easier, and make life much better for my staff.
Pete Davis
NoDial.net
Butch Evans wrote:
I'd like to throw this out for the weekend. I want to gather some
ideas for IMPLEMENTATIONS you'd like to see with existing RouterOS
technology. I have a few that I can think of off the top of my head
that I will try to get documented (some possibly for free - to be
posted on my website). For example:
1. Automated virus detection - this application would need to be able
to detect virus-like activity (whatever that means) and automatically
cause the offender - if they are on-net - to be disconnected except
for the ability to visit http://housecall.antivirus.com and test to
see if they have removed the virus(es) before allowing full access again.
2. Automatically build a list of valid SMTP servers based on servers
that have been used to check email (I've done this one several
times). This will prevent those viruses and spam trojans from getting
your IP blacklisted if you NAT.
3. Queue mechanism that implements an automated fair access policy
(similar to what some of the satellite companies do) - I have done
something SIMILAR to this, but implementing this properly will take a
bit more work.
OK...So I've got you started...now step forth with your ideas (either
implemented already or just a "wish-list") and let's come up with some
really cool stuff! While we're at it, you can let me know what you
think of the above ideas...are they worth the effort?
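
Added example, not part of the original thread and not DenyHosts or RouterOS code: a Python sketch of the DenyHosts-style wish in the reply above (5 failed logins in a row from one IP, then a 12-hour entry on a blacklist that expires by itself). The log line format, the names and the sample addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

THRESHOLD = 5               # consecutive failures before blocking ("5 (or so)")
BLOCK_SECONDS = 12 * 3600   # how long an entry lives ("12 hrs (or so)")

@dataclass
class Blacklist:
    threshold: int = THRESHOLD
    block_seconds: int = BLOCK_SECONDS
    streak: dict = field(default_factory=dict)    # ip -> consecutive failures
    blocked: dict = field(default_factory=dict)   # ip -> expiry timestamp

    def is_blocked(self, ip, now):
        expiry = self.blocked.get(ip)
        if expiry is None:
            return False
        if now >= expiry:
            del self.blocked[ip]    # entry ages out, nothing is kept forever
            return False
        return True

    def observe(self, ts, ip, ok):
        """Feed one auth event; return 'dropped', 'blocked', 'fail' or 'ok'."""
        if self.is_blocked(ip, ts):
            return "dropped"
        if ok:
            self.streak.pop(ip, None)   # a success breaks the "in a row" run
            return "ok"
        self.streak[ip] = self.streak.get(ip, 0) + 1
        if self.streak[ip] >= self.threshold:
            self.blocked[ip] = ts + self.block_seconds
            del self.streak[ip]
            return "blocked"
        return "fail"

def parse(line):
    # Constructed format: "<epoch> <service> <src-ip> <OK|FAIL>"
    ts, _service, ip, result = line.split()
    return int(ts), ip, result == "OK"

# Constructed sample events (documentation address ranges, not real hosts).
SAMPLE = [f"{1000 + i} ssh 203.0.113.7 FAIL" for i in range(5)] + [
    "1010 ftp 198.51.100.9 FAIL", "1011 ftp 198.51.100.9 FAIL",
    "1012 ftp 198.51.100.9 OK", "1020 ssh 203.0.113.7 FAIL",
    f"{1004 + BLOCK_SECONDS} ssh 203.0.113.7 FAIL",
]

def replay(lines):
    bl = Blacklist()
    return [bl.observe(*parse(line)) for line in lines], bl

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE, replay(SAMPLE)[0]):
        print(f"{line:32} -> {verdict}")
```

The last sample event arrives exactly when the 12-hour entry expires, so it is counted as a fresh first failure rather than dropped.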
--
WISPA Wireless List
Archives: http://lists.wispa.org/pipermail/wireless/