Not out of the box, but something to start you with would be http://www.fail2ban.org/wiki/index.php/Main_Page and http://archive09.linux.com/articles/48138 ; if you are creating logs, I highly recommend making sure that it is on a USB and not the device JFFS

Hey guys, I've been using Merlin for a while, and now, after some suspicious logs, I'm looking to do a little script that auto-bans an IP for, let's say, 30 minutes if too many port requests are received from an IP.
Any ideas how to do that?
Thank you!

How do you know you are being port scanned then? The only thing you will see in the syslog is failed connection/login errors for services you have exposed to the internet, i.e. VPN, FTP, HTTP, etc. Those messages are generated by each service individually. Someone scanning a port that isn't running a service won't generate a message in the syslog.

Those scripts are banning if someone tries logins. I haven't had those, I think. I've had some random packets resembling portscanning. I'd like to counter portscanning.
Thanks again

Google-fu brought this up:

So no one knows how I can do that?
Thank you
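
One possible starting point for the script asked about in this thread, added here as an example and not code from any poster. It assumes the firewall is set to log dropped packets in the usual netfilter format (`SRC=` / `DPT=` fields) and that an ipset with the hypothetical name `scanban` exists with timeout support; it counts distinct ports over whatever slice of the log is fed in, with no time window, and only prints the ban commands.

```shell
#!/bin/sh
# Assumptions (not from the thread): dropped packets are logged in the usual
# netfilter LOG format (SRC=... DPT=...), and an ipset named "scanban"
# (hypothetical) was created with timeout support and is matched by a DROP rule.
THRESHOLD=5        # distinct destination ports before a source is flagged
BAN_SECONDS=1800   # 30 minutes
SET_NAME=scanban   # hypothetical set name

# Read log lines on stdin; print each source IP seen on >= THRESHOLD distinct ports.
scan_sources() {
    awk -v min="$THRESHOLD" '
    {
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        # Accept only a dotted-quad source and a numeric port, so nothing
        # unexpected from a log line can reach a command line.
        if (src !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || dpt !~ /^[0-9]+$/) next
        if (!((src, dpt) in seen)) { seen[src, dpt] = 1; ports[src]++ }
    }
    END { for (s in ports) if (ports[s] >= min) print s }
    ' | sort
}

# Print (not run) one ipset command per flagged source; -exist refreshes the
# timeout if the address is already in the set.
ban_commands() {
    scan_sources | while read -r ip; do
        echo "ipset -exist add $SET_NAME $ip timeout $BAN_SECONDS"
    done
}

# Constructed sample lines using documentation addresses.
sample_log() {
    for p in 21 22 23 80 443 8080; do
        echo "May  1 10:00:01 kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 LEN=40 PROTO=TCP SPT=40000 DPT=$p SYN"
    done
    echo "May  1 10:00:02 kernel: DROP IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 LEN=40 PROTO=TCP SPT=51000 DPT=443 SYN"
    echo "May  1 10:00:03 kernel: DROP IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 LEN=40 PROTO=TCP SPT=51001 DPT=443 SYN"
}

sample_log | ban_commands
```

Repeated hits on a single port, like the second sample source, stay below the threshold and are not flagged; only the source that touched six different ports is.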