ESP8266 Community Forum

Hello, everybody,
I don't even know if I'm in the right forum.
I am trying to post a feature request for the OTA of ESP8266.

Suggestion for improving the OTA function:
To make it harder to brute force attack on the OTA password and to reduce the attack surface of the ESP over the network, I would like to be able to control the OTA better and only enable or disable it on certain events.

What I had in mind is an OTA.end() to meet these requirements.


Greetings
Timmmy

Timmmy wrote:Hello, everybody,
I don't even know if I'm in the right forum.
I am trying to post a feature request for the OTA of ESP8266.

Suggestion for improving the OTA function:
To make it harder to brute force attack on the OTA password and to reduce the attack surface of the ESP over the network, I would like to be able to control the OTA better and only enable or disable it on certain events.

What I had in mind is an OTA.end() to meet these requirements.


Greetings
Timmmy

If you're using the ArduionoOTA then you are in the right place to discuses the idea ... or you could open an issue and make an official request to the project directly ... or you could fork the project, make the changes yourself and make a pull request ...

From looking at the source code, I can see two places you could already enable or disable the OTA functions ... the first place is to use the ArduinoOTAClass::onStart to manage the client connections ... or simply if you don't call ArduinoOTAClass::handle() from the loop() function it won't work ...

Sorry for very very late answer.
I try your hint, but it doesn't work.
I can see the message of the faulty password [OTA_AUTH_ERROR] despite not calling the ArduinoOTA.handle() .
And unfortunately you can't change the OTA port afterwards.

So all trys fails