YordanY1
newbie
Topic Author
Posts: 35
Joined: Tue Sep 07, 2021 2:54 am
Location: Bulgaria

They bruteforce me, how to blacklist ?

Tue Nov 16, 2021 1:30 pm

Hello.
I have a PPTP tunnel for my users, but it seems I have been getting a lot of brute-force attempts recently.
How do I add an IP to a blacklist after, let's say, 3 sequential tries?
 
Jotne
Forum Guru
Posts: 3297
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: They bruteforce me, how to blacklist ?

Tue Nov 16, 2021 1:40 pm

PPTP should be avoided. Not secure at all.
Set up IPSec L2TP.

Here is a script for IPSec L2TP
viewtopic.php?p=743875#p743875
 
YordanY1
newbie
Topic Author
Posts: 35
Joined: Tue Sep 07, 2021 2:54 am
Location: Bulgaria

Re: They bruteforce me, how to blacklist ?

Tue Nov 16, 2021 5:30 pm

I wish to go with PPTP since it's already in use, and switching over the external users will be quite messy work.
Is there a way to log and block the users who are trying to log in with incorrect credentials?
Or to ignore logins that come from outside some sort of whitelist, if possible?
 
holvoetn
Forum Guru
Posts: 5480
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: They bruteforce me, how to blacklist ?

Tue Nov 16, 2021 5:46 pm

Quick search, see this post for reference.
viewtopic.php?t=149256#p734754

Add the IP port being used for PPTP (TCP/1723?).
Successful logins might also appear on that level 1 list but as long as they are successful, they should never hit level 2.
Otherwise play with the timeouts etc.
Be sure to test properly and make SURE you have a local escape path using another port so you do not lock yourself out when setting this up.

But I agree with Jotne not to use PPTP anymore...
We're not using clay tablets anymore either, are we?
Look at it from another angle... why do you think you're getting bruteforced using that port? Because PPTP is "relatively" easy to crack, that's why they try. Sooner or later someone will hit the magic section and then you're so out of luck...

No need to change all at once. You can also do it gradually.

But sooner or later you will have to. Better now. Inconvenience is rarely a good reason to postpone.
My view.
 
YordanY1
newbie
Topic Author
Posts: 35
Joined: Tue Sep 07, 2021 2:54 am
Location: Bulgaria

Re: They bruteforce me, how to blacklist ?

Tue Nov 16, 2021 7:45 pm

Hmm... how do I change it gradually?
You mean that the two types of tunneling would co-exist for some time? Wouldn't there be any kind of issue?
 
Jotne
Forum Guru
Posts: 3297
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: They bruteforce me, how to blacklist ?

Tue Nov 16, 2021 11:57 pm

No problem to have different tunnel types.
Set up IPSec/L2TP alongside PPTP.
Then move 1 by 1 over to the new secure solution.
 
joegoldman
Forum Veteran
Posts: 767
Joined: Mon May 27, 2013 2:05 am

Re: They bruteforce me, how to blacklist ?

Wed Nov 17, 2021 9:46 am

To answer the more real question - as the same problem exists for L2TP (my logs fill up all the time with people trying to connect):

You can definitely put a whitelist on using an address-list for accepted clients, then only allow connections on TCP/1723 from src-address-list of that whitelist.

Or what I like to do is a bruteforce filter using the same concept as the SSH one, just changing the dst-port, or a newer way using the connection rate limit option.
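
The two approaches described in the replies above (a whitelist on TCP/1723 and a staged brute-force filter), sketched as a RouterOS configuration. This is an added example, not a configuration posted by any participant in the thread; the list names, the timeouts and the 192.0.2.10 address are assumptions chosen for illustration.

```routeros
# Added example: list names (pptp_*), timeouts and the sample address are
# assumed values, not taken from the thread.
# These rules must sit ABOVE any existing rule that accepts TCP/1723 on the
# input chain, otherwise they are never reached.

/ip firewall address-list
# Constructed entry (documentation address range); replace with real client IPs.
add list=pptp_whitelist address=192.0.2.10 comment="known PPTP client"

/ip firewall filter
# 1. Known clients are accepted and never counted by the staging rules.
add chain=input protocol=tcp dst-port=1723 src-address-list=pptp_whitelist \
    action=accept comment="PPTP: accept whitelisted clients"

# 2. Sources already on the blacklist are dropped.
add chain=input protocol=tcp dst-port=1723 src-address-list=pptp_blacklist \
    action=drop comment="PPTP: drop blacklisted sources"

# 3. Third new connection while the source is still on stage 2: blacklist it.
add chain=input protocol=tcp dst-port=1723 connection-state=new \
    src-address-list=pptp_stage2 action=add-src-to-address-list \
    address-list=pptp_blacklist address-list-timeout=1d \
    comment="PPTP: stage 2 -> blacklist"

# 4. Second new connection within the stage 1 timeout: move to stage 2.
add chain=input protocol=tcp dst-port=1723 connection-state=new \
    src-address-list=pptp_stage1 action=add-src-to-address-list \
    address-list=pptp_stage2 address-list-timeout=1m \
    comment="PPTP: stage 1 -> stage 2"

# 5. First new connection from an unknown source: record it on stage 1.
add chain=input protocol=tcp dst-port=1723 connection-state=new \
    action=add-src-to-address-list address-list=pptp_stage1 \
    address-list-timeout=1m comment="PPTP: new source -> stage 1"

# Strict whitelist-only alternative: use this single rule in place of
# rules 2-5 so that only listed clients can reach the PPTP port at all.
# add chain=input protocol=tcp dst-port=1723 \
#     src-address-list=!pptp_whitelist action=drop
```

The staging rules count new TCP connections to port 1723, not failed logins, so a legitimate client that reconnects several times within the stage timeouts will also be blacklisted unless it is on the whitelist. Test from a second access path that does not depend on this port before enabling the drop rule.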
