
WAN Connection Reporting (TCP/UDP inbound) to Router from Internet


SkierInAvon

Occasional Visitor
Asus Merlin - am looking for an inbound WAN (reporting script?) that I can run in the JFFS partition.
Script would make a daily report (text file?) of the inbound TCP/UDP connections into the WAN Interface of the Router from the Internet.
Example: If there is a particular IP address that keeps (hitting say... 100+ connection requests) to the WAN Interface of the Asus - I'd like a report of those busy connections...so that I can BLOCK those inbound TCP/UDP connection requests from the Internet. I don't want a report of every connection request - just the busy ones... I have a script running now in the JFFS partition that blocks connection requests from the Internet...I'd just like to learn more about what IP addresses are "constantly hitting on my WAN interface from the Internet"...I get reports from my Barracuda SPAM firewall - HOWEVER those daily reports only monitor (inbound) SMTP (port 25) connections on the Asus WAN Interface. I'm currently "blind" when it comes to any other (excessive) TCP/UDP connection request from the Internet - if any other Port is probing my Asus WAN Interface. It would be awesome if Asus/Merlin had a (new setting) for the WAN Interface - such that we could set (say... 100 inbound connection requests over say 1 minute) then tell the Asus WAN Interface to automatically "drop any/all inbound TCP/UDP connection requests"...from that specific IP address.

Comments? Ideas? Bash Scripts? Suggestions?
Thanks!
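The report requested in the post above, as an added example that is not part of the thread and is not Asuswrt-Merlin code: it counts logged inbound TCP/UDP packets per source address on the WAN interface and prints only the sources at or above a threshold. It assumes the firewall is logging dropped packets to syslog as netfilter LOG lines; `busy_sources`, `sample_log`, `WAN_IF` and its `eth0` default are hypothetical names and values, and the log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes dropped-packet logging is on, so
# syslog holds netfilter LOG lines; the WAN interface name is an assumption.
WAN_IF="${WAN_IF:-eth0}"

# busy_sources LOGFILE|- [THRESHOLD]
# One line per source at or above THRESHOLD (default 100), busiest first:
#   COUNT SRC ports=DISTINCT_PORTS top=PROTO/DPT(HITS)
busy_sources() {
    awk -v wan="IN=$WAN_IF" -v min="${2:-100}" '
    {
        src = proto = dpt = ""; wan_in = 0
        # First match wins: ICMP error lines embed a second, bracketed header.
        for (i = 1; i <= NF; i++) {
            if ($i == wan) wan_in = 1
            else if (src == "" && $i ~ /^SRC=/) src = substr($i, 5)
            else if (proto == "" && $i ~ /^PROTO=/) proto = substr($i, 7)
            else if (dpt == "" && $i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (!wan_in || src == "" || (proto != "TCP" && proto != "UDP")) next
        total[src]++
        if (++hits[src, proto "/" dpt] == 1) ports[src]++
    }
    END {
        for (k in hits) {
            split(k, p, SUBSEP)
            if (hits[k] > best[p[1]]) { best[p[1]] = hits[k]; top[p[1]] = p[2] }
        }
        for (s in total)
            if (total[s] >= min + 0)
                printf "%d %s ports=%d top=%s(%d)\n", total[s], s, ports[s], top[s], best[s]
    }' "${1:--}" | sort -rn
}

# Constructed, abbreviated log lines (documentation-range addresses).
sample_log() {
    l="May  5 03:10:01 kernel: DROP"
    for d in 23 23 23 2323; do
        echo "$l IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP SPT=40000 DPT=$d SYN"
    done
    for d in 5060 5060 1900; do
        echo "$l IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 PROTO=UDP SPT=5070 DPT=$d"
    done
    echo "$l IN=eth0 OUT= SRC=203.0.113.200 DST=192.0.2.1 PROTO=TCP SPT=5555 DPT=443 SYN"
    echo "$l IN=br0 OUT= SRC=192.168.1.20 DST=192.168.1.1 PROTO=UDP SPT=5353 DPT=5353"
    echo "$l IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.0.2.1 DST=203.0.113.7 PROTO=UDP SPT=53 DPT=4000 ]"
}

sample_log | busy_sources - 3   # demo on the constructed sample
```

On the router, point `busy_sources` at the syslog file and redirect the output to a text file under the JFFS partition from a daily scheduled job. A high `ports=` value suggests a port scan, while a single heavily hit port suggests repeated attempts against one service.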
 
It would be awesome if Asus/Merlin had a (new setting) for the WAN Interface - such that we could set (say... 100 inbound connection requests over say 1 minute) then tell the Asus WAN Interface to automatically "drop any/all inbound TCP/UDP connection requests"...from that specific IP address.
Apart from services that you have deliberately opened to the internet, all unsolicited incoming traffic is dropped automatically by the firewall.
 
Thanks for your reply...however it's NOT 100% accurate. In order for that to be TRUE a user would have to proactively SET the Asus Firewall Settings to:
1 - enable firewall
2 - enable DoS protection
3 - don't respond to ICMP (ping) request to the WAN port from the Internet.
See attached JPG for the Asus/Merlin settings.
If anyone has other thoughts/comments - I'd sure like to read them.
 

Attachment: Asus.JPG
Perhaps I should have said "by default". I can't remember whether ICMP responses are enabled by default, but the firewall is and its default action is to drop all unsolicited incoming packets. This is true whether you have enabled DoS protection or not. So the only thing you need to be concerned about is services you have deliberately opened to the internet.
 
