Timeout for incorrect login attempts?

[ags]

Is there a way (with OEM or other firmware) to set a timeout for repeated login attempts from the WAN? I enabled logging for dropped packets and see that there are constant attempts to gain access to the router. I if don't want to disable WAN access, I think using a less common port and timeout for incorrect login attempts would dissuade most bots - or at least make it very time consuming.

Is this possible? Is this a common or best practice for security?

 

[RMerlin]

Asus had implemented it a few months ago, but it was causing a lot of issues so they disabled it. Anything running on a local computer and attempting to probe port 80 would result in that computer getting blocked.

IMHO, you should really rely on VPN to get remote access to your router's interface.

 

[ags]

... IMHO, you should really rely on VPN to get remote access to your router's interface.

I think secure VPN access would be great, although I don't have experience setting up a VPN server. From what I've been able to find through research I'm concerned that (at least with standard ASUSWRT firmware) it is more risky than opening the web interface to the router.

Rather than complicate this post with a different topic I've created a new thread here: http://forums.smallnetbuilder.com/showthread.php?p=108125#post108125