Sergey Ryzhkin, 2017-04-04 12:05:44

How to check Kerio VPN for possible hacks?

Greetings, Comrades!
After I set up a VPN on Kerio Control, unhealthy attempts from known sites began to show up in the "Connections" log.

[29/Mar/2017 03:51:36] [ID] 1399638 [Rule] Kerio VPN [Service] IKE [Connection] UDP scan-05i.shadowserver.org (216.218.206.102):6460 -> KERIO-SRV-01.local (<внешний адрес>):500 [Iface] Internet [Duration] 480 sec [Bytes] 92/84/176 [Packets] 1/1/2
[30/Mar/2017 05:08:17] [ID] 274352 [Rule] Kerio VPN [Service] IKE [Connection] UDP scan-05n.shadowserver.org (216.218.206.122):39886 -> KERIO-SRV-01.local (<внешний адрес>):500 [Iface] Internet [Duration] 480 sec [Bytes] 92/84/176 [Packets] 1/1/2
[31/Mar/2017 04:35:38] [ID] 764772 [Rule] Kerio VPN [Service] IKE [Connection] UDP scan-05o.shadowserver.org (216.218.206.126):17210 -> KERIO-SRV-01.local (<внешний адрес>):500 [Iface] Internet [Duration] 481 sec [Bytes] 92/84/176 [Packets] 1/1/2
[01/Apr/2017 03:23:50] [ID] 74512 [Rule] Kerio VPN [Service] IKE [Connection] UDP scan-05e.shadowserver.org (216.218.206.86):5609 -> KERIO-SRV-01.local (<внешний адрес>):500 [Iface] Internet [Duration] 480 sec [Bytes] 92/84/176 [Packets] 1/1/2
[02/Apr/2017 03:33:07] [ID] 136069 [Rule] Kerio VPN [Service] IKE [Connection] UDP scan-05d.shadowserver.org (216.218.206.82):51104 -> KERIO-SRV-01.local (<внешний адрес>):500 [Iface] Internet [Duration] 481 sec [Bytes] 92/84/176 [Packets] 1/1/2
[03/Apr/2017 03:47:07] [ID] 273671 [Rule] Kerio VPN [Service] IKE [Connection] UDP scan-05g.shadowserver.org (216.218.206.94):64883 -> KERIO-SRV-01.local (<внешний адрес>):500 [Iface] Internet [Duration] 480 sec [Bytes] 92/84/176 [Packets] 1/1/2
[03/Apr/2017 12:54:28] [ID] 117609 [Rule] Kerio VPN [Service] IKE [Connection] UDP 185-70-130-29.trkmetro.net (185.70.130.29):500 -> KERIO-SRV-01.local (<внешний адрес>):500 [Iface] Internet [Duration] 490 sec [Bytes] 1600/0/1600 [Packets] 4/0/4
[03/Apr/2017 12:59:45] [ID] 129241 [Rule] Kerio VPN [Service] IKE [Connection] UDP AToulouse-656-1-837-182.w82-125.abo.wanadoo.fr (82.125.86.182):1035 -> KERIO-SRV-01.local (<внешний адрес>):500 [Iface] Internet [Duration] 488 sec [Bytes] 1456/0/1456 [Packets] 4/0/4
[03/Apr/2017 13:00:05] [ID] 128172 [Rule] Kerio VPN [Service] IKE [Connection] UDP census10.shodan.io (79.177.100.182):5 -> KERIO-SRV-01.local (<внешний адрес>):500 [Iface] Internet [Duration] 562 sec [Bytes] 1820/0/1820 [Packets] 5/0/5
[04/Apr/2017 04:31:04] [ID] 45125 [Rule] Kerio VPN [Service] IKE [Connection] UDP scan-05k.shadowserver.org (216.218.206.110):37446 -> KERIO-SRV-01.local (<внешний адрес>):500 [Iface] Internet [Duration] 481 sec [Bytes] 92/84/176 [Packets] 1/1/2

What really confuses me are such attempts to scan, etc. Is this normal and how can I block it?


1 answer(s)
TyzhSysAdmin, 2017-04-04
@Franciz

Fine.
You can block, but is it necessary? And if all clients do not have a static IP, then block all the Internet :)
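
One way to triage log lines like those in the question, as an added example that is not part of the original thread: it parses the connection-log layout shown in the post (inferred from the posted lines, not from Kerio documentation) and groups hits on port 500 by source, marking hostnames under the shadowserver.org and shodan.io suffixes seen there. The function name, the suffix list and the reading of the packet counters as two directions plus a total are assumptions.

```python
import re
from collections import defaultdict

# Field layout inferred from the log lines in the question (assumption).
LINE_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[ID\] (?P<id>\d+) \[Rule\] (?P<rule>.+?) \[Service\] (?P<service>\S+) "
    r"\[Connection\] (?P<proto>\S+) (?P<src_host>\S+) \((?P<src_ip>[\d.]+)\):(?P<src_port>\d+) -> "
    r"(?P<dst_host>\S+) \((?P<dst>[^)]*)\):(?P<dst_port>\d+) .*?"
    r"\[Packets\] (?P<p1>\d+)/(?P<p2>\d+)/(?P<ptot>\d+)"
)

# Suffixes of the scanning projects whose hostnames appear in the post.
# Reverse DNS is set by the address owner, so a match is a hint, not proof.
SCANNER_SUFFIXES = (".shadowserver.org", ".shodan.io")


def triage(lines, port="500"):
    """Summarise connections to `port` per source, split into scanners and others."""
    summary = defaultdict(lambda: {"hits": 0, "packets": 0, "one_way": 0})
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["dst_port"] != port:
            continue  # not a connection-log line for the port of interest
        kind = "scanner" if m["src_host"].endswith(SCANNER_SUFFIXES) else "other"
        row = summary[(kind, m["src_host"], m["src_ip"])]
        row["hits"] += 1
        row["packets"] += int(m["ptot"])
        # Assumption: the first two counters are the two directions of the
        # connection; a zero means nothing was seen in one of them.
        row["one_way"] += int(m["p1"]) == 0 or int(m["p2"]) == 0
    return dict(summary)


# Three lines adapted from the post; the redacted external address is replaced
# with 203.0.113.10 from the documentation range.
SAMPLE = [
    "[29/Mar/2017 03:51:36] [ID] 1399638 [Rule] Kerio VPN [Service] IKE [Connection] UDP scan-05i.shadowserver.org (216.218.206.102):6460 -> KERIO-SRV-01.local (203.0.113.10):500 [Iface] Internet [Duration] 480 sec [Bytes] 92/84/176 [Packets] 1/1/2",
    "[03/Apr/2017 12:54:28] [ID] 117609 [Rule] Kerio VPN [Service] IKE [Connection] UDP 185-70-130-29.trkmetro.net (185.70.130.29):500 -> KERIO-SRV-01.local (203.0.113.10):500 [Iface] Internet [Duration] 490 sec [Bytes] 1600/0/1600 [Packets] 4/0/4",
    "[03/Apr/2017 13:00:05] [ID] 128172 [Rule] Kerio VPN [Service] IKE [Connection] UDP census10.shodan.io (79.177.100.182):5 -> KERIO-SRV-01.local (203.0.113.10):500 [Iface] Internet [Duration] 562 sec [Bytes] 1820/0/1820 [Packets] 5/0/5",
]

if __name__ == "__main__":
    for (kind, host, ip), row in sorted(triage(SAMPLE).items()):
        print(f"{kind:8} {ip:16} {host:45} {row}")
```

Sources that land in the "other" group are the ones worth comparing against the addresses real VPN clients connect from.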
