Router log shows lots of attempts to log in that fail, "via web." Would like to confirm that this means the attack is on the port 80 (or 8080?) remote access feature of my hpLite. If so, would a good firewall rule drop packets on TCP 80 that are new when they arrive on the WAN port (Eth1)?
Thanks