Answer the question
In order to leave comments, you need to log in
How to check Kerio VPN for possible hacks?
Greetings, Comrades!
After I raised VPN on Kerio Control, unhealthy attempts from known sites began to slip in the "Connections" logs.
[29/Mar/2017 03:51:36] [ID] 1399638 [Rule] Kerio VPN [Service] IKE [Connection] UDP scan-05i.shadowserver.org (216.218.206.102):6460 -> KERIO-SRV-01.local (<внешний адрес>):500 [Iface] Internet [Duration] 480 sec [Bytes] 92/84/176 [Packets] 1/1/2
[30/Mar/2017 05:08:17] [ID] 274352 [Rule] Kerio VPN [Service] IKE [Connection] UDP scan-05n.shadowserver.org (216.218.206.122):39886 -> KERIO-SRV-01.local (<внешний адрес>):500 [Iface] Internet [Duration] 480 sec [Bytes] 92/84/176 [Packets] 1/1/2
[31/Mar/2017 04:35:38] [ID] 764772 [Rule] Kerio VPN [Service] IKE [Connection] UDP scan-05o.shadowserver.org (216.218.206.126):17210 -> KERIO-SRV-01.local (<внешний адрес>):500 [Iface] Internet [Duration] 481 sec [Bytes] 92/84/176 [Packets] 1/1/2
[01/Apr/2017 03:23:50] [ID] 74512 [Rule] Kerio VPN [Service] IKE [Connection] UDP scan-05e.shadowserver.org (216.218.206.86):5609 -> KERIO-SRV-01.local (<внешний адрес>):500 [Iface] Internet [Duration] 480 sec [Bytes] 92/84/176 [Packets] 1/1/2
[02/Apr/2017 03:33:07] [ID] 136069 [Rule] Kerio VPN [Service] IKE [Connection] UDP scan-05d.shadowserver.org (216.218.206.82):51104 -> KERIO-SRV-01.local (<внешний адрес>):500 [Iface] Internet [Duration] 481 sec [Bytes] 92/84/176 [Packets] 1/1/2
[03/Apr/2017 03:47:07] [ID] 273671 [Rule] Kerio VPN [Service] IKE [Connection] UDP scan-05g.shadowserver.org (216.218.206.94):64883 -> KERIO-SRV-01.local (<внешний адрес>):500 [Iface] Internet [Duration] 480 sec [Bytes] 92/84/176 [Packets] 1/1/2
[03/Apr/2017 12:54:28] [ID] 117609 [Rule] Kerio VPN [Service] IKE [Connection] UDP 185-70-130-29.trkmetro.net (185.70.130.29):500 -> KERIO-SRV-01.local (<внешний адрес>):500 [Iface] Internet [Duration] 490 sec [Bytes] 1600/0/1600 [Packets] 4/0/4
[03/Apr/2017 12:59:45] [ID] 129241 [Rule] Kerio VPN [Service] IKE [Connection] UDP AToulouse-656-1-837-182.w82-125.abo.wanadoo.fr (82.125.86.182):1035 -> KERIO-SRV-01.local (<внешний адрес>):500 [Iface] Internet [Duration] 488 sec [Bytes] 1456/0/1456 [Packets] 4/0/4
[03/Apr/2017 13:00:05] [ID] 128172 [Rule] Kerio VPN [Service] IKE [Connection] UDP census10.shodan.io (79.177.100.182):5 -> KERIO-SRV-01.local (<внешний адрес>):500 [Iface] Internet [Duration] 562 sec [Bytes] 1820/0/1820 [Packets] 5/0/5
[04/Apr/2017 04:31:04] [ID] 45125 [Rule] Kerio VPN [Service] IKE [Connection] UDP scan-05k.shadowserver.org (216.218.206.110):37446 -> KERIO-SRV-01.local (<внешний адрес>):500 [Iface] Internet [Duration] 481 sec [Bytes] 92/84/176 [Packets] 1/1/2
Answer the question
In order to leave comments, you need to log in
Fine.
You can block, but is it necessary? And if all clients do not have a static IP, then block all the Internet :)
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question