Thu Sep 24, 2020 1:14 pm
You cannot stop these attacks unless you can restrict access to the PPTP service to a pre-defined list of remote IP addresses (which will only reduce the number of attackers anyway). It is also not a good idea to use default user names such as admin or root, as the attacker then only has the password left to guess.
There are more advanced techniques that dynamically ban a remote IP address for hours/days after a certain number of failed login attempts from that address, but these only protect you from password brute-forcing, and if you have a bad day you can easily ban yourself. Password bypass attacks (targeting vulnerabilities in the VPN server software) cannot be stopped this way.
So a better approach is to use a VPN with certificate-based authentication such as IPsec, SSTP or OpenVPN, and then a password-protected account to manage the device itself. That way you have two independent layers of security and both need to be cracked to get in.
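The dynamic-ban technique described in the post above, as an added example that is not the poster's code or any vendor's firewall feature: a sliding-window failure counter over constructed PPTP log lines that bans a source after a number of failed logins, releases the ban after a set time, and keeps an allowlist so the admin's own LAN address can never be banned (the "ban yourself" failure mode). The log format, thresholds, addresses and the class/function names are all assumptions made for the example.

```python
"""Dynamic banning of brute-force sources (added example, not from the original post).

Log format, thresholds and IP addresses are constructed for illustration and do not
correspond to any real PPTP daemon or firewall product.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress
import re

# Assumed log line format: "<ISO timestamp> pptp login failed user=<name> from=<ip>"
FAIL_RE = re.compile(r"^(?P<ts>\S+) pptp login failed user=(?P<user>\S+) from=(?P<ip>\S+)$")


class LoginBanner:
    """Ban an IP after `threshold` failures inside `window`; lift the ban after `ban_for`."""

    def __init__(self, threshold=5, window=timedelta(minutes=10),
                 ban_for=timedelta(hours=24), allowlist=()):
        self.threshold = threshold
        self.window = window
        self.ban_for = ban_for
        # Allowlisted networks are never banned: the guard against locking yourself
        # out from your own management address after a few typos.
        self.allowlist = [ipaddress.ip_network(n) for n in allowlist]
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.bans = {}                       # ip -> ban expiry time

    def _allowed(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.allowlist)

    def is_banned(self, ip, now):
        """True while a ban is active; an expired ban is dropped on lookup."""
        expiry = self.bans.get(ip)
        if expiry is None:
            return False
        if now >= expiry:
            del self.bans[ip]
            return False
        return True

    def record_failure(self, ip, now):
        """Record one failed login; return True if this failure triggers a ban."""
        if self._allowed(ip) or self.is_banned(ip, now):
            return False
        q = self.failures[ip]
        q.append(now)
        # Forget failures that fell out of the sliding window.
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) >= self.threshold:
            self.bans[ip] = now + self.ban_for
            q.clear()
            return True
        return False

    def feed(self, line):
        """Parse one log line; return (ip, banned_now) or None if it is not a failure."""
        m = FAIL_RE.match(line)
        if not m:
            return None
        now = datetime.fromisoformat(m.group("ts"))
        ip = m.group("ip")
        return ip, self.record_failure(ip, now)


# Constructed sample log: one remote attacker guessing default accounts, and one
# admin on the LAN mistyping their password five times in a row.
SAMPLE_LOG = """\
2020-09-24T13:00:01 pptp login failed user=admin from=203.0.113.7
2020-09-24T13:00:02 pptp login failed user=admin from=203.0.113.7
2020-09-24T13:00:03 pptp login failed user=root from=203.0.113.7
2020-09-24T13:00:04 pptp login failed user=admin from=203.0.113.7
2020-09-24T13:00:05 pptp login failed user=admin from=203.0.113.7
2020-09-24T13:00:10 pptp login failed user=admin from=192.168.1.10
2020-09-24T13:00:11 pptp login failed user=admin from=192.168.1.10
2020-09-24T13:00:12 pptp login failed user=admin from=192.168.1.10
2020-09-24T13:00:13 pptp login failed user=admin from=192.168.1.10
2020-09-24T13:00:14 pptp login failed user=admin from=192.168.1.10
2020-09-24T13:00:15 pptp session established user=alice from=198.51.100.4
""".splitlines()


def run_sample(allowlist=("192.168.1.0/24",)):
    """Replay SAMPLE_LOG and return the set of IPs still banned just after it ends."""
    banner = LoginBanner(threshold=5, allowlist=allowlist)
    for line in SAMPLE_LOG:
        banner.feed(line)
    end = datetime.fromisoformat("2020-09-24T13:00:20")
    return {ip for ip in list(banner.bans) if banner.is_banned(ip, end)}


def attacker_still_banned_after(hours):
    """Replay SAMPLE_LOG; is the attacker still banned `hours` after its fifth failure?"""
    banner = LoginBanner(threshold=5, allowlist=("192.168.1.0/24",))
    for line in SAMPLE_LOG:
        banner.feed(line)
    fifth_failure = datetime.fromisoformat("2020-09-24T13:00:05")
    return banner.is_banned("203.0.113.7", fifth_failure + timedelta(hours=hours))


if __name__ == "__main__":
    print("banned with LAN allowlist:   ", run_sample())
    print("banned without allowlist:    ", run_sample(allowlist=()))
    print("attacker banned after 23h/24h:", attacker_still_banned_after(23),
          attacker_still_banned_after(24))
```

With the LAN allowlisted only the remote attacker is banned; drop the allowlist and the admin at 192.168.1.10 is locked out too, which is exactly the "ban yourself" case. Note that nothing here inspects the protocol itself: a request that exploits a bug in the server never produces a failed-login line, so it sails through, which is the post's point about password-bypass attacks.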