On Sat, 30 Dec 2006, Pete Davis wrote:
> I would like to see the script equivalent of DenyHosts. [see http://denyhosts.sourceforge.net] whereas if password authentication fails (telnet, ssh, ftp) from the same outside IP 5 (or so) times in a row, that IP gets dynamically added to the "blacklist" address list, and all data to/from is denied for 12 hrs (or so). My logs are usually full of failed ssh/ftp logins from (virus-infected?) zombie PCs trying brute force dictionary login attempts. Permanently blacklisting them seems like a waste of resources/disk space.
I am working on this idea currently. I have an almost complete implementation of this already. I expect that in the next 2 months, I will have a fully working version (for 2.8.x I am not sure how I will implement the firewall) for 2.9.x.
> If I could get notified of any IP who sends smtp (TCP/25) traffic to more than 5 different destinations/hr(min?) that could be a good script. Some of my business clients host their own email server, so that's okay, but most clients only need to send to my SMTP server. Automatically blocking port 25 for certain users who violate this (due to a virus) would be good also. I guess this is similar to your #1 and #2 ideas.
This is another good idea, but what I do now (as you mention) already does this more or less. I may look at implementing some of these features.
> A script I think would be neat, but don't have the time to implement it now: if a 2-radio routerboard/wrap/whatever could be mounted in the van with an omni antenna on the roof (or bumper) connected to the "client" radio, and automatically associate to the nearest non-secure (or secure if it has "our client" WEP key) AP (with a SSID other than "THENODIALVAN"), then nat/rebroadcast on a weaker AP (with a duckie antenna), with the SSID of "THENODIALVAN", then it would be kind of the "ultimate" war driving vehicle. Another script to VPN tunnel into the office on demand so the techs could get/file paperwork from their laptops. Wire in a Lingo/Vonage/whatever VOIP phone, and cell phone bills to/from the technicians could drop considerably.
I've done almost exactly this once already. Not the part that "roams to APs not owned by the WISP", but the rest of it.
> Winbox feature wishlist: I would like to be able to sort my DHCP leases by the comment field.
This will have to be sent to MT directly. I would like to be able to sort other areas by comment as well. Wireless Registration table is an example.
--
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
My calendar: http://tinyurl.com/y24ad6
Training Partners: http://tinyurl.com/smfkf
Mikrotik Certified Consultant
http://www.mikrotik.com/consultants.html

--
WISPA Wireless List: email@example.com
Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
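The two detection ideas in this exchange (a DenyHosts-style dynamic blacklist after 5 failed telnet/ssh/ftp logins from one IP, expiring after 12 hours, and flagging a source that sends TCP/25 traffic to more than 5 distinct destinations in an hour) can be prototyped as a log replay before anyone writes the RouterOS script. The code below is an added example, not Butch Evans's implementation and not anything from MikroTik or DenyHosts. The log format, the `smtp-watch` firewall-log prefix and all IP addresses are constructed for the example; a real RouterOS log would need its own regexes. The "blacklist" action corresponds to where a router script would add the address to the `blacklist` address list with a timeout.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Policy values as proposed in the thread.
FAIL_THRESHOLD = 5                 # failures "in a row" before blocking
BLOCK_DURATION = timedelta(hours=12)
SMTP_DEST_LIMIT = 5                # distinct TCP/25 destinations allowed per window
SMTP_WINDOW = timedelta(hours=1)

# Patterns for the constructed log format used below (hypothetical format).
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")
LOGIN_FAIL_RE = re.compile(r"login failure for user \S+ from (\d+\.\d+\.\d+\.\d+) via (ssh|telnet|ftp)")
LOGIN_OK_RE = re.compile(r"user \S+ logged in from (\d+\.\d+\.\d+\.\d+) via")
SMTP_RE = re.compile(r"src=(\d+\.\d+\.\d+\.\d+) dst=(\d+\.\d+\.\d+\.\d+):25\b")


class DynamicBlacklist:
    """Counts consecutive auth failures per source IP; blocks for a fixed time, then forgets."""

    def __init__(self, threshold=FAIL_THRESHOLD, duration=BLOCK_DURATION):
        self.threshold, self.duration = threshold, duration
        self.failures = defaultdict(int)   # ip -> consecutive failures
        self.blocked = {}                  # ip -> expiry time (no permanent entries)

    def _expire(self, now):
        for ip, until in list(self.blocked.items()):
            if until <= now:
                del self.blocked[ip]

    def is_blocked(self, ip, now):
        self._expire(now)
        return ip in self.blocked

    def record_failure(self, ip, now):
        """Return the block expiry time if this failure crosses the threshold, else None."""
        self._expire(now)
        self.failures[ip] += 1
        if self.failures[ip] >= self.threshold:
            self.failures[ip] = 0
            self.blocked[ip] = now + self.duration
            return self.blocked[ip]
        return None

    def record_success(self, ip):
        self.failures.pop(ip, None)        # a successful login ends the "in a row" streak


class SmtpFanoutDetector:
    """Flags a source that contacts more than `limit` distinct TCP/25 destinations in `window`."""

    def __init__(self, limit=SMTP_DEST_LIMIT, window=SMTP_WINDOW):
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)     # src -> deque of (time, dst), oldest first

    def record(self, src, dst, now):
        q = self.seen[src]
        q.append((now, dst))
        while q and now - q[0][0] > self.window:   # slide the window forward
            q.popleft()
        return len({d for _, d in q}) > self.limit


def process_log(text):
    """Replay log lines in order; return the (time, action, ip, expiry) tuples a script would act on."""
    bl, smtp, actions, flagged = DynamicBlacklist(), SmtpFanoutDetector(), [], set()
    for line in text.splitlines():
        m = TS_RE.match(line)
        if not m:
            continue
        stamp, msg = m.group(1), m.group(2)
        now = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        fail, ok, mail = LOGIN_FAIL_RE.search(msg), LOGIN_OK_RE.search(msg), SMTP_RE.search(msg)
        if fail:
            ip = fail.group(1)
            if bl.is_blocked(ip, now):
                continue                   # already on the address list; the firewall drops it
            until = bl.record_failure(ip, now)
            if until:                      # here a router script would add ip to "blacklist" with a 12h timeout
                actions.append((stamp, "blacklist", ip, until.strftime("%Y-%m-%d %H:%M:%S")))
        elif ok:
            bl.record_success(ok.group(1))
        elif mail:
            src, dst = mail.group(1), mail.group(2)
            if smtp.record(src, dst, now) and src not in flagged:
                flagged.add(src)           # report once; the operator decides whether to block port 25
                actions.append((stamp, "smtp-fanout", src, None))
    return actions


# Constructed sample log: one ssh/ftp dictionary run, one legitimate admin with a typo,
# one host fanning SMTP out to six destinations, one host mailing a single relay repeatedly.
SAMPLE_LOG = "\n".join(
    [f"2006-12-30 10:00:{2*i+1:02d} system,error,critical login failure for user u{i} from 203.0.113.5 via ssh"
     for i in range(6)]
    + ["2006-12-30 10:05:00 system,error,critical login failure for user admin from 198.51.100.7 via telnet",
       "2006-12-30 10:05:30 system,info,account user admin logged in from 198.51.100.7 via telnet",
       "2006-12-30 10:05:40 system,error,critical login failure for user admin from 198.51.100.7 via telnet"]
    + [f"2006-12-30 11:00:{5*i:02d} firewall,info smtp-watch: src=192.0.2.20 dst=203.0.113.{10+i}:25"
       for i in range(6)]
    + [f"2006-12-30 11:30:{5*i:02d} firewall,info smtp-watch: src=192.0.2.21 dst=203.0.113.10:25"
       for i in range(6)]
    + ["2006-12-30 22:30:00 system,error,critical login failure for user root from 203.0.113.5 via ssh"]
)

if __name__ == "__main__":
    for action in process_log(SAMPLE_LOG):
        print(action)
```

Replaying `SAMPLE_LOG` yields one blacklist action for 203.0.113.5 at its fifth failure (expiring 12 hours later, so its 22:30 attempt starts a fresh count rather than being dropped) and one fan-out report for 192.0.2.20; the admin whose streak was broken by a successful login and the host repeatedly mailing a single relay produce nothing.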