All is in the title
All is in the title
Yes, there is.
It's called fail2ban.
1 Like
Ok but where do you download it ?
And I wonder if it is useful when we opened no port (?)
It's not useful if SSH is disabled on WAN and you don't suspect someone to hack it from inside your network.
1 Like
No, there is only me on my network ...
But how do I know if SSH is disabled on WAN ?
If you did not enable it, it's disabled 
Check this out.
1 Like
Hi,
SSH access in the WAN port is disabled by defaul.
OK but may that help to protect my network, as my phone is with android 10, ended support
The only way to protect your phone is by upgrading to an supported Android.
SSH is totally unrelated to your network itself.
2 Likes
Yes but the question is not to protect my phone, it is to protect my network from my phone, and I do it in part by avoiding to have both connected together to internet by my router. (phone by wireless and computer by ethernet) I kept my ISP's box as bridge close to the entry.
You can't protect your network if your device inside it is tampered.
Put your phone in isolated guest network. Keep the main LAN as management network.
1 Like
And how to make this guest wireless being "isolated" ?
Guest network is isolated by default.
Please try to be nice. A thanks for the hint and a follow up question that shows a little encouragement to find an answer yourself would be nice. I do not owe you a solution.
Based on this I'll try to be as friendly as possible:
Oh look, an official page with the explanation of the guest network page. And a screenshot wit an button 'client isolation'. And an (i) button for even more information...
3 Likes
First Time Setup - GL.iNet Router Docs 3 > nothing like you describe here
I cannot thank for a hint that I can't clearly understand.
First post: All in title -> wrong ... No device, no firmware, no explanation of an attach vector.
The correct answer is: From the WAN side SSH is not enabled by default. It is secure.
Fail2ban was suggested. This is the default first line of defense, if you want to 'secure' a webservice exposed to a unsecure environment. It has flaws, but okay.
You are using an outdated and unmaintained phone, this is a security issue. No solution will protect you from this issue. The Information comes still drop by drop ...
One idea is to send it to guest network. This IS a valid solution, on the given information.
I am provided even the documentation link, to the actual and maintained firmware. Your answer is a link to the outdated firmware...
So I really hope you understand why I am out.
An unmaintained phone to a legacy router firmware, and you want to secure it against a not explained thread?
Which malicious phone tries to connect via SSH and what harm could it do on an embedded busybox environment?
I thank you for your time to read until here, even if I really don't understand your point. See, it is easy to say thank you.
3 Likes
I bought an Opal, new, one month ago, I guess it is still supported, so how have I not the last firmware ?
Guest network is isolated, only if I get the last firmware, right ?
Guest network is always isolated. That is why it's called Guest network.
Firmware are unique for each device. So "last firmware" for Opal is the last one available.
https://dl.gl-inet.com/router/sft1200/
Ok but why is there a button to check "Client isolation" or not ? Button I have not found on my interface though I have well the last firmware (4.3.17)