Mikrotik
Vladimir Paziy, 2015-10-14 18:21:18

Hacking: In the Mikrotik logs I see someone else's l2tp/ipsec connection - is some stranger connecting?

I have an RB-951G-2Hnd router.
A few days ago I needed to configure l2tp/ipsec. I set it up and everything works wonderfully. I didn't give the passwords to anyone, but now I see this in the logs:
02:25:18 l2tp,debug,packet rcvd control message from 183.60.48.25:1785
02:25:18 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
02:25:18 l2tp,debug,packet (M) Message-Type=SCCRQ
02:25:18 l2tp,debug,packet (M) Protocol-Version=0x01:00
02:25:18 l2tp,debug,packet (M) Framing-Capabilities=0x1
02:25:18 l2tp,debug,packet (M) Bearer-Capabilities=0x0
02:25:18 l2tp,debug,packet Firmware-Revision=0x601
02:25:18 l2tp,debug,packet (M) Host-Name="T450-150520-NB"
02:25:18 l2tp,debug,packet Vendor-Name="Microsoft"
02:25:18 l2tp,debug,packet (M) Assigned-Tunnel-ID=5
02:25:18 l2tp,debug,packet (M) Receive-Window-Size=8
02:25:18 l2tp,info first L2TP UDP packet received from 183.60.48.25
02:25:18 l2tp,debug tunnel 49 entering state: wait-ctl-conn
02:25:18 l2tp,debug,packet sent control message to 183.60.48.25:1785
02:25:18 l2tp,debug,packet tunnel-id=5, session-id=0, ns=0, nr=1
02:25:18 l2tp,debug,packet (M) Message-Type=SCCRP
02:25:18 l2tp,debug,packet (M) Protocol-Version=0x01:00
02:25:18 l2tp,debug,packet (M) Framing-Capabilities=0x1
02:25:18 l2tp,debug,packet (M) Bearer-Capabilities=0x0
02:25:18 l2tp,debug,packet Firmware-Revision=0x1
02:25:18 l2tp,debug,packet (M) Host-Name="MikroTik"
02:25:18 l2tp,debug,packet Vendor-Name="MikroTik"
02:25:18 l2tp,debug,packet (M) Assigned-Tunnel-ID=49
02:25:18 l2tp,debug,packet (M) Receive-Window-Size=4
02:25:19 l2tp,debug,packet sent control message to 183.60.48.25:1785
02:25:19 l2tp,debug,packet tunnel-id=5, session-id=0, ns=0, nr=1
02:25:19 l2tp,debug,packet (M) Message-Type=SCCRP
02:25:19 l2tp,debug,packet (M) Protocol-Version=0x01:00
02:25:19 l2tp,debug,packet (M) Framing-Capabilities=0x1
02:25:19 l2tp,debug,packet (M) Bearer-Capabilities=0x0
02:25:19 l2tp,debug,packet Firmware-Revision=0x1
02:25:19 l2tp,debug,packet (M) Host-Name="MikroTik"
02:25:19 l2tp,debug,packet Vendor-Name="MikroTik"
02:25:19 l2tp,debug,packet (M) Assigned-Tunnel-ID=49
02:25:19 l2tp,debug,packet (M) Receive-Window-Size=4
02:25:20 l2tp,debug,packet sent control message to 183.60.48.25:1785
02:25:20 l2tp,debug,packet tunnel-id=5, session-id=0, ns=0, nr=1
02:25:20 l2tp,debug,packet (M) Message-Type=SCCRP
02:25:20 l2tp,debug,packet (M) Protocol-Version=0x01:00
02:25:20 l2tp,debug,packet (M) Framing-Capabilities=0x1
02:25:20 l2tp,debug,packet (M) Bearer-Capabilities=0x0
02:25:20 l2tp,debug,packet Firmware-Revision=0x1
02:25:20 l2tp,debug,packet (M) Host-Name="MikroTik"
02:25:20 l2tp,debug,packet Vendor-Name="MikroTik"
02:25:20 l2tp,debug,packet (M) Assigned-Tunnel-ID=49
02:25:20 l2tp,debug,packet (M) Receive-Window-Size=4
02:25:22 l2tp,debug,packet sent control message to 183.60.48.25:1785
02:25:22 l2tp,debug,packet tunnel-id=5, session-id=0, ns=0, nr=1
02:25:22 l2tp,debug,packet (M) Message-Type=SCCRP
02:25:22 l2tp,debug,packet (M) Protocol-Version=0x01:00
02:25:22 l2tp,debug,packet (M) Framing-Capabilities=0x1
02:25:22 l2tp,debug,packet (M) Bearer-Capabilities=0x0
02:25:22 l2tp,debug,packet Firmware-Revision=0x1
02:25:22 l2tp,debug,packet (M) Host-Name="MikroTik"
02:25:22 l2tp,debug,packet Vendor-Name="MikroTik"
02:25:22 l2tp,debug,packet (M) Assigned-Tunnel-ID=49
02:25:22 l2tp,debug,packet (M) Receive-Window-Size=4
02:25:26 l2tp,debug,packet sent control message to 183.60.48.25:1785
02:25:26 l2tp,debug,packet tunnel-id=5, session-id=0, ns=0, nr=1
02:25:26 l2tp,debug,packet (M) Message-Type=SCCRP
02:25:26 l2tp,debug,packet (M) Protocol-Version=0x01:00
02:25:26 l2tp,debug,packet (M) Framing-Capabilities=0x1
02:25:26 l2tp,debug,packet (M) Bearer-Capabilities=0x0
02:25:26 l2tp,debug,packet Firmware-Revision=0x1
02:25:26 l2tp,debug,packet (M) Host-Name="MikroTik"
02:25:26 l2tp,debug,packet Vendor-Name="MikroTik"
02:25:26 l2tp,debug,packet (M) Assigned-Tunnel-ID=49
02:25:26 l2tp,debug,packet (M) Receive-Window-Size=4
02:25:34 l2tp,debug,packet sent control message to 183.60.48.25:1785
02:25:34 l2tp,debug,packet tunnel-id=5, session-id=0, ns=0, nr=1
02:25:34 l2tp,debug,packet (M) Message-Type=SCCRP
02:25:34 l2tp,debug,packet (M) Protocol-Version=0x01:00
02:25:34 l2tp,debug,packet (M) Framing-Capabilities=0x1
02:25:34 l2tp,debug,packet (M) Bearer-Capabilities=0x0
02:25:34 l2tp,debug,packet Firmware-Revision=0x1
02:25:34 l2tp,debug,packet (M) Host-Name="MikroTik"
02:25:34 l2tp,debug,packet Vendor-Name="MikroTik"
02:25:34 l2tp,debug,packet (M) Assigned-Tunnel-ID=49
02:25:34 l2tp,debug,packet (M) Receive-Window-Size=4
02:25:42 l2tp,debug tunnel 49 received no replies, disconnecting
02:25:42 l2tp,debug tunnel 49 entering state: dead
During the day the situation repeats itself; only the IP and ports change.
I don't quite understand: are they trying to break in, or have I already been hacked?


2 answer(s)
Anton, 2015-10-14
@paziy

Well, the service is exposed, so they come knocking.

Alexander M-stream, 2020-08-26
@M-stream

Close the ports.
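
An added example, not part of the original thread: a small Python parser that groups RouterOS L2TP debug lines like those in the question by inbound attempt and reports whether the peer ever answered the router's SCCRP. The sample log is constructed (documentation address), and the SCCCN check assumes RouterOS logs that message type in the same `Message-Type=` form.

```python
import re
# Constructed sample modelled on the question's log; 203.0.113.7 is an RFC 5737 address.
SAMPLE = """\
02:25:18 l2tp,debug,packet rcvd control message from 203.0.113.7:1785
02:25:18 l2tp,debug,packet (M) Message-Type=SCCRQ
02:25:18 l2tp,debug,packet (M) Host-Name="T450-150520-NB"
02:25:18 l2tp,debug tunnel 49 entering state: wait-ctl-conn
02:25:18 l2tp,debug,packet sent control message to 203.0.113.7:1785
02:25:18 l2tp,debug,packet (M) Message-Type=SCCRP
02:25:19 l2tp,debug,packet sent control message to 203.0.113.7:1785
02:25:19 l2tp,debug,packet (M) Message-Type=SCCRP
02:25:42 l2tp,debug tunnel 49 received no replies, disconnecting
"""
PKT = re.compile(r"(rcvd|sent) control message (?:from|to) ([\d.]+):\d+")
AVP = re.compile(r'(Message-Type|Host-Name)="?([^"\s]+)"?')
TUN = re.compile(r"tunnel (\d+) (entering state: wait-ctl-conn|received no replies)")

def summarize(log_text):
    """Return one dict per inbound L2TP tunnel attempt (SCCRQ) in the log."""
    attempts, by_peer, by_tunnel = [], {}, {}
    direction = peer = None
    for line in log_text.splitlines():
        if m := PKT.search(line):
            direction, peer = m.groups()      # AVP lines that follow belong to this packet
        elif m := AVP.search(line):
            name, value = m.groups()
            rec = by_peer.get(peer)
            if (direction, name, value) == ("rcvd", "Message-Type", "SCCRQ"):
                rec = by_peer[peer] = {"peer": peer, "host": None, "sccrp_sent": 0,
                                       "scccn_rcvd": False, "no_reply": False}
                attempts.append(rec)
            elif rec and direction == "rcvd" and name == "Host-Name":
                rec["host"] = value           # name claimed by the peer, unauthenticated
            elif rec and direction == "rcvd" and value == "SCCCN":
                rec["scccn_rcvd"] = True      # peer completed the control handshake
            elif rec and direction == "sent" and value == "SCCRP":
                rec["sccrp_sent"] += 1        # our reply, including retransmissions
        elif (m := TUN.search(line)) and attempts:
            tid, event = m.groups()
            if event.startswith("entering"):
                by_tunnel[tid] = attempts[-1]  # state line follows the SCCRQ packet
            elif tid in by_tunnel:
                by_tunnel[tid]["no_reply"] = True
    for rec in attempts:
        rec["verdict"] = ("completed" if rec["scccn_rcvd"] else
                          "abandoned" if rec["no_reply"] else "pending")
    return attempts
```

An attempt marked `abandoned` is the pattern in the question's log: the peer sent SCCRQ, the router retransmitted SCCRP, and the tunnel was dropped with "received no replies".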
