Your new topic does not fit any of the above??? Check first. Then post here. Thanks.

Moderator: igrr

User avatar
By Timmmy
#85586 Hello, everybody,
I don't even know if I'm in the right forum.
I am trying to post a feature request for the OTA of ESP8266.

Suggestion for improving the OTA function:
To make it harder to brute force attack on the OTA password and to reduce the attack surface of the ESP over the network, I would like to be able to control the OTA better and only enable or disable it on certain events.

What I had in mind is an OTA.end() to meet these requirements.


Greetings
Timmmy
User avatar
By sfranzyshen
#85652
Timmmy wrote:Hello, everybody,
I don't even know if I'm in the right forum.
I am trying to post a feature request for the OTA of ESP8266.

Suggestion for improving the OTA function:
To make it harder to brute force attack on the OTA password and to reduce the attack surface of the ESP over the network, I would like to be able to control the OTA better and only enable or disable it on certain events.

What I had in mind is an OTA.end() to meet these requirements.


Greetings
Timmmy


If you're using the ArduionoOTA then you are in the right place to discuses the idea ... or you could open an issue and make an official request to the project directly ... or you could fork the project, make the changes yourself and make a pull request ... :D

From looking at the source code, I can see two places you could already enable or disable the OTA functions ... the first place is to use the ArduinoOTAClass::onStart to manage the client connections ... or simply if you don't call ArduinoOTAClass::handle() from the loop() function it won't work ...

Code: Select allbool DO_OTA = true; // using code ... change this to false or true to disable or enable OTA

void loop() {
  if(DO_OTA) {
      ArduinoOTA.handle();
  }
}
User avatar
By Timmmy
#86044 Sorry for very very late answer.
I try your hint, but it doesn't work.
I can see the message of the faulty password [OTA_AUTH_ERROR] despite not calling the ArduinoOTA.handle() .
And unfortunately you can't change the OTA port afterwards.

So all trys fails :cry: