
Firmware modification request. Shibby, victek, tostman and others.

Discussion in 'Tomato Firmware' started by kthaddock, Jun 11, 2011.

  1. kthaddock

    kthaddock Network Guru Member

    I'm using the FTP server and have turned on "Limit Connection Attempts", but it's not working as it should.
    When you have connected, e.g. to the FTP server, the function recognizes that I'm connected and rejects me after e.g. 6 attempts and 40 seconds, even when I'm logged in. If I'm hammered by any Asian hackers and they are blocked out, then I have to wait 40 seconds to log in.

    Is it possible to have the "recent" module added to Tomato? Then it's possible to use frater's logbrute protect, with the possibility of using it with SSH, FTP, Telnet, vsftpd and other ports.

    # Create the chain; every packet reaching it records its source address in the BRUTEFORCE list
    iptables -N bruteprotect
    iptables -A bruteprotect -m recent --set --name BRUTEFORCE --rsource
    # Fewer than 4 hits from this source in the last 60 seconds: return to the calling chain
    iptables -A bruteprotect -m recent ! --update --seconds 60 --hitcount 4 --name BRUTEFORCE --rsource -j RETURN
    # Otherwise log the packet and drop it
    iptables -A bruteprotect -A bruteprotect -j LOG --log-prefix "[DROP BRUTEFORCE] : " --log-tcp-options --log-ip-options
    iptables -A bruteprotect -j DROP
    # New connections to a protected port are sent through the chain, e.g. for FTP:
    # iptables -I INPUT -p tcp --dport 21 -m state --state NEW -j bruteprotect

    I hope it’s possible to implement this in tomato firmware in the future.
    Thank you !
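    The chain above only makes sense once you see what "--set" followed by "! --update --seconds 60 --hitcount 4 --rsource" does per source address, which is the difference from a global "Limit Connection Attempts" counter. The following is an added simulation written for this thread, not code from Tomato, DD-WRT or frater's script: it models the xt_recent list (timestamps per address, ring of 20 entries as in the kernel default ip_pkt_list_tot) and runs the chain's rules over a constructed sequence of new connections from an attacker and the router's owner. IP addresses and timings are made up for the example.

```python
"""Simulate the per-source behaviour of the iptables 'recent' brute-force chain
(--set, then ! --update --seconds 60 --hitcount 4 --rsource -> RETURN, else LOG+DROP).
Constructed example for this thread, not Tomato/DD-WRT/frater code."""
from collections import defaultdict, deque

# Kernel default for xt_recent's ip_pkt_list_tot: timestamps kept per address.
IP_PKT_LIST_TOT = 20


class RecentList:
    """Model of one xt_recent list (what /proc/net/xt_recent/BRUTEFORCE shows)."""

    def __init__(self, name):
        self.name = name
        self.stamps = defaultdict(lambda: deque(maxlen=IP_PKT_LIST_TOT))

    def set(self, addr, now):
        """--set: add the address (or refresh it) with the current time."""
        self.stamps[addr].append(now)

    def update(self, addr, now, seconds, hitcount):
        """--update --seconds N --hitcount M: match if the address is in the list
        and has at least M timestamps within the last N seconds.
        On a match the 'last seen' time is refreshed, as the kernel does."""
        if addr not in self.stamps:
            return False
        recent = [t for t in self.stamps[addr] if now - t <= seconds]
        if len(recent) >= hitcount:
            self.stamps[addr].append(now)
            return True
        return False


class BruteProtect:
    """The 'bruteprotect' user chain from the first post, one packet at a time."""

    def __init__(self, seconds=60, hitcount=4):
        self.seconds = seconds
        self.hitcount = hitcount
        self.recent = RecentList("BRUTEFORCE")
        self.log = []  # stands in for the LOG target

    def verdict(self, src, now):
        self.recent.set(src, now)  # -m recent --set --name BRUTEFORCE --rsource
        if not self.recent.update(src, now, self.seconds, self.hitcount):
            return "RETURN"  # ! --update --seconds 60 --hitcount 4 -j RETURN
        self.log.append(f"[DROP BRUTEFORCE] : SRC={src} t={now}")  # -j LOG
        return "DROP"  # -j DROP


def run(events, seconds=60, hitcount=4):
    """events: (time_in_seconds, source_ip) for each NEW connection that the
    INPUT hook sends to the chain (e.g. -p tcp --dport 21 -m state --state NEW).
    Returns a list of (time, src, verdict)."""
    chain = BruteProtect(seconds, hitcount)
    return [(t, src, chain.verdict(src, t)) for t, src in events]


# Constructed traffic: an attacker hammering FTP while the owner logs in.
ATTACKER, OWNER = "203.0.113.7", "198.51.100.20"
EVENTS = [
    (0, ATTACKER), (5, ATTACKER), (10, ATTACKER), (15, ATTACKER),
    (20, OWNER),                 # owner's first login
    (25, ATTACKER), (30, ATTACKER),
    (50, OWNER),                 # owner reconnects, still unaffected
    (100, ATTACKER),             # attacker returns after >60 s of silence
]

if __name__ == "__main__":
    for t, src, v in run(EVENTS):
        print(f"t={t:>3}s {src:<15} {v}")
```

    Two things to check in the output: the owner's connections are never dropped while the attacker is being blocked, because the list is keyed by source address (--rsource), and the attacker's first connection after a quiet minute gets through again, because --seconds only counts timestamps inside the window. The stamp added by --set before the check means the fourth new connection within 60 seconds is already the one dropped; lower --hitcount makes it stricter, and a block that is hit continuously is extended because a matching --update refreshes the timestamp.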
  2. Toastman

    Toastman Super Moderator Staff Member Member

    Wasn't the "recent" module only used in the "basic" method, which was actually deprecated?

    The other methods ("The Elegant Way of Implementing Protection"), which can be used with any open port, don't need any extra module, if I read the article correctly.

    Ping flood is already covered.
  3. kthaddock

    kthaddock Network Guru Member

    No "recent" in the new way to implement bruteprotect. When one attacker is blocked out I can still connect to my share. You can read more in my post on the dd-wrt board.


    Allows you to dynamically create a list of IP addresses and then match against that list in a few different ways.
    For example, you can create a 'badguy' list out of people attempting to connect to port 139 on your firewall and
    then DROP all future packets from them without considering them.

  4. Toastman

    Toastman Super Moderator Staff Member Member

    Yes, an interesting discussion. "Recent" might be a good addition.
  5. kthaddock

    kthaddock Network Guru Member

    Yes it is, working very well in dd-wrt, and it lets you log in and use it with no reject issue.
  6. Victek

    Victek Network Guru Member

    I'm working on 'something' very close (it's foreseen for more options, as you described). If you look at OpenWRT there is a 'visual iptables rules' composer for noobs; if you have a 'near clear' idea of what you need, you can script it easily using this GUI tool. I think it can fully agree with many comments I read in the forum about block, forward, drop, accept. Your script is very easy to implement, just enter it in the schedule section with a cron triggered by the attack.
  7. valerima

    valerima LI Guru Member

    What to add

    I am happy with the firmwares, especially when such a wide range of possibilities exists. It is a good thing to have a choice... For example, I do not need VPN, so I try to use the minimum and rock solid.
    People I am contacting wish to have a slightly changed menu, similar to DD-WRT, as the existing flexibility is a bit tricky: for example, you are looking for some feature, but it is already hidden...
  8. gingernut

    gingernut LI Guru Member

    On the Administration --> Admin Access menu page there is an option to open all menus if you wish.
