markom
Member Candidate
Topic Author
Posts: 105
Joined: Thu Dec 17, 2009 10:42 pm

block pptp hacking on wan pptp server port

Thu Aug 01, 2013 5:16 pm

One question, if someone has an idea how to solve it.

I have a router with a public IP on the WAN side. ether 2 is LAN and all works well.
On the router I have a PPTP server which is used for our traveling employees. Everyone has a username and password to connect to the office.

Now some robot has detected that my PPTP server is on, and every second it tries to establish a connection, almost every time from a different IP all over the globe.

My log is full of
15:53:43 pptp,info TCP connection established from xxx.xxx.xxx.xxx
15:53:43 pptp,ppp,info <pptp-0>: waiting for call...
15:53:43 pptp,ppp,info <pptp-0>: terminating... - cntrl message too big
15:53:43 pptp,ppp,info <pptp-0>: disconnected

How do I make a fail2ban for the PPTP server? One wrong authorization and that IP is out for 10 days?
 
c0d3rSh3ll
Long time Member
Posts: 558
Joined: Mon Jul 25, 2011 9:42 pm
Location: [admin@Chile] >

Re: block pptp hacking on wan pptp server port

Fri Aug 02, 2013 11:17 am

I think you can add the source to an address list, like this:

ros code

/ip firewall filter
add action=add-src-to-address-list address-list=pptp2 address-list-timeout=10h chain=input comment=pptp connection-state=new disabled=no dst-port=1723 protocol=tcp src-address-list=pptp
add action=add-src-to-address-list address-list=pptp address-list-timeout=10h chain=input connection-state=new disabled=no dst-port=1723 protocol=tcp
nothing
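An added example, not part of the original posts: the staged address-list idea from the reply above, carried through to a drop rule so that a source opening repeated new connections to TCP 1723 ends up banned for the 10 days asked about in the question. The list names (pptp_stage1, pptp_stage2, pptp_blacklist), the 1-minute counting window and the three-connection threshold are assumptions chosen for illustration.

```routeros
# Added example, not from the thread. List names, the 1m window and the
# three-connection threshold are assumptions.
/ip firewall filter

# 1. Banned sources are dropped before the PPTP server sees them.
add chain=input protocol=tcp dst-port=1723 src-address-list=pptp_blacklist \
    action=drop comment="pptp: drop banned sources"

# 2. Third new connection inside the window: ban the source for 10 days.
add chain=input protocol=tcp dst-port=1723 connection-state=new \
    src-address-list=pptp_stage2 action=add-src-to-address-list \
    address-list=pptp_blacklist address-list-timeout=10d \
    comment="pptp: stage2 -> blacklist"

# 3. Second new connection inside the window: promote to stage 2.
add chain=input protocol=tcp dst-port=1723 connection-state=new \
    src-address-list=pptp_stage1 action=add-src-to-address-list \
    address-list=pptp_stage2 address-list-timeout=1m \
    comment="pptp: stage1 -> stage2"

# 4. First new connection: remember the source for one minute.
#    This rule sits below rule 3 so one packet cannot be promoted twice.
add chain=input protocol=tcp dst-port=1723 connection-state=new \
    action=add-src-to-address-list address-list=pptp_stage1 \
    address-list-timeout=1m comment="pptp: first seen"

# 5. Everything that was not dropped by rule 1 reaches the PPTP server.
add chain=input protocol=tcp dst-port=1723 action=accept \
    comment="pptp: allow control channel"
```

These rules count new TCP connections, not failed logins, because the firewall cannot see the authentication result, so an employee who reconnects three times within the window is banned as well. `add` appends to the end of the filter table, so the rules must be moved above any existing rule that already accepts or drops traffic to port 1723.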
