Botnets like mariposa [1] are scanning for hosts with the OpenVPN port used by default (UDP/1149) [2]. They use to target these kind of services (SSH, OpenVPN, PPTP Vpns, ...) to get access using dictionary and brute force attacks. You can change the port used by OpenVPN or some tool like fail2ban [3] to block these attacks. [1] https://www.mcafee.com/enterprise/en-us/threat-intelligence.intc.html?vid=bo... [2] https://twitter.com/bad_packets/status/1004660329085726721 [3] https://peaksandprotocols.com/mitigating-an-openvpn-brute-force-attack-with-... On 12/12/2018 16:29, Per Jessen wrote:
I see in our logs that one of our VPNs is being attacked, brute force style. Every second or so:
2018-12-12T16:24:26+01:00 calcium openvpn[1843]: 185.29.120.59:3518 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 2018-12-12T16:24:26+01:00 calcium openvpn[1843]: 185.29.120.59:3518 TLS Error: TLS handshake failed
A wide range of IP addresses.
Is there any point to this?
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org