0
Votes

IPS and other intrusion systems all linked and shared with other OMADA devices

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
 
0
Votes

IPS and other intrusion systems all linked and shared with other OMADA devices

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
IPS and other intrusion systems all linked and shared with other OMADA devices
IPS and other intrusion systems all linked and shared with other OMADA devices
2023-08-29 00:48:47
Model: ER8411  
Hardware Version:
Firmware Version:

 

Hear me out here.

 

Lets say my OMADA detects a flood attack from a specific IP. Then auto blocks said IP. Now what if that IP is sent to a central list on the " cloud ". Now other OMADA users routers can get that IP, and add to a block list.

 

Example, my OMADA network gets attacked by IP 34.23.22.13. My equipment auto blocks it and sends that IP to a global list.  Joe Dirt living in Germany has his OMADA system configured to access that list, and thus pre adds that bad IP. 

 

I'm explaining it kinda simple, and it would be more then just the type of attack I used as example.It would be anything that would benefit others by sharing it.   There would need some kinda of protection to prevent "bad" OMADA users from injecting legit or good IP's. Example, little Joie getting all the GOOGLE IP's put on the block list.  This can be solved by requiring XX OMADA systems to add a blocked IP. Example, it would require 130 OMADA managed networks to report the same bad IP / attack. 

I feel something like this would add value to the OMADA line.

 

It could also be controlled if the OMADA user wants to participate, and what lists they want to be linked in. Example, Global, Asia, S-America,,, OR if someone just wants the list internal. That last one, internal, would apply to those with many sites in one OMADA controller. Example, I have 32 sites on my OMADA controller. So in my case, the attak list would cover all 32 sites connected to my controller. 

 

#1
Options
2 Reply
Re:IPS and other intrusion systems all linked and shared with other OMADA devices
2023-08-29 02:34:47

Hi @DaKings 

Thanks for posting in our business forum.

For the first part, a list on our cloud that blocks IPs that may initiate potential attacks. From my point of view, I don't think we would add it. First, not to mention, this definitely requires human resources to maintain it and check and unban IP addresses if someone reports his/her IP is banned or on the blocklist.

Second, if someone's IP is hijacked by the hacker and used to initiate attacks, that would cause trouble for us as well.

 

Or we get a plan from a database for the list of IP addresses known as "attackers", which would cost a subscription for frequent updates. This is also not planned or desired. If customers are open to getting charged for that, probably would be possible. Like Deco, we have the database but require Deco HomeShield Pro, a paid subscription.

 

In the end, probably would be ideal for us to add an import function so that people can import a .csv or something like .txt so that you can implement the IP address you want.

Sync with the server would cause legal trouble and we gotta change the terms and conditions. And a bunch of things gotta be considered.

Cost of servers, human maintenance, database, terms and conditions, legality, hardware consumption on the software/hardware controller, and from time to time sync with the server, is this okay to most users?

 

From your point, it would be best for multiple users to verify the IP addresses. But not sure if so many people would care to do that.

From my understanding of our product and a point of product development, would be ideal to give an import option and you maintain the list.

Maybe it would become a feature on Omada Pro, who knows?

Thanks for your feedback and will record it.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
#2
Options
Re:IPS and other intrusion systems all linked and shared with other OMADA devices
2023-08-29 16:17:49

  @DaKings 

 

Sounds like TP-link is using Suricata for their IPS/IDS on their routers... which they do keep their own lists updated.  

 

TP-Link trying to reinvent the wheel isn't something I can see them doing.  

I can not teach anyone anything - I can only make them think - Socrates
#3
Options