Community discussions

 
3liswaid
newbie
Topic Author
Posts: 44
Joined: Thu Feb 14, 2019 5:12 pm
Location: Syria
Contact:

Ipsec error in Log

Mon Apr 29, 2019 10:36 am

Dears,
kindly your support to explain the below in the log
03:39:34 ipsec,info respond new phase 1 (Identity Protection): "MY IP"[500]<=>216.218.206.118[36735] 
03:39:34 ipsec,error 216.218.206.118 failed to get valid proposal. 
03:39:34 ipsec,error 216.218.206.118 failed to pre-process ph1 packet (side: 1, status 1). 
03:39:34 ipsec,error 216.218.206.118 phase1 negotiation failed. 
06:27:58 pptp,info TCP connection established from 185.156.177.153 
06:27:58 pptp,info TCP connection established from 185.156.177.153 
06:27:58 pptp,info TCP connection established from 185.156.177.153 

is it an attack?
and how can i stop it?
 
3liswaid
newbie
Topic Author
Posts: 44
Joined: Thu Feb 14, 2019 5:12 pm
Location: Syria
Contact:

Re: Ipsec error in Log

Mon Apr 29, 2019 10:44 am

Also what is the TCP connection established towards my router?
 
User avatar
karlisi
Member Candidate
Member Candidate
Posts: 247
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: Ipsec error in Log

Mon Apr 29, 2019 1:32 pm

Also what is the TCP connection established towards my router?
These are connections to your PPTP server. 'TCP connection established' not necessarily means someone was able to get in, it means someone established connection and was able to begin the authentication process.
The same for ipsec errors, although in this case it is clearly visible, attacker failed to authenticate.
If your VPN servers are wide open to whole world, you can't avoid such attacks. If VPN clients have fixed IPs use whitelists, for dynamic IPs use port knocking (search this forum about it). Or use very strong passwords and VPN auditing.
---
Karlis
 
3liswaid
newbie
Topic Author
Posts: 44
Joined: Thu Feb 14, 2019 5:12 pm
Location: Syria
Contact:

Re: Ipsec error in Log

Mon Apr 29, 2019 2:46 pm

Also what is the TCP connection established towards my router?
These are connections to your PPTP server. 'TCP connection established' not necessarily means someone was able to get in, it means someone established connection and was able to begin the authentication process.
The same for ipsec errors, although in this case it is clearly visible, attacker failed to authenticate.
If your VPN servers are wide open to whole world, you can't avoid such attacks. If VPN clients have fixed IPs use whitelists, for dynamic IPs use port knocking (search this forum about it). Or use very strong passwords and VPN auditing.
thank you for your response.
i don't use IPSEC at all how can i disable it?
for PPTP i will do as you said

thanks
 
User avatar
karlisi
Member Candidate
Member Candidate
Posts: 247
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: Ipsec error in Log  [SOLVED]

Mon Apr 29, 2019 3:27 pm

i don't use IPSEC at all how can i disable it?
Review firewall input chain, perhaps you have unnecessary ports or protocols open. Best practice is to close all, except only those you are using.
---
Karlis

Who is online

Users browsing this forum: kevinl and 47 guests