PPTP authorization attempts from the Internet, how to close?

D

Dmitry2019-07-09 15:04:38

Mikrotik

Dmitry, 2019-07-09 15:04:38

Good afternoon, there is a Mikrotik of the 951st series, which receives the Internet via ppoe, while having a strictly fixed address from the provider. On the router, access via pptp is open for several people to work from home.
From time to time, messages appear in the logs that a tcp connection has been established from such and such an address, and the enumeration of standard logins begins. Screenshot of the log below. I would like to somehow cover this hole, is there a way? I understand that pptp is not very secure in terms of security, but maybe there are ways besides setting up another remote access?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

D

Dmitry, 2019-07-09
@Swapych

On the router, access via pptp is open for several people to work from home.
From time to time, messages appear in the logs that a tcp connection has been established from such and such an address, and the enumeration of standard logins begins. Screenshot of the log below. I would like to somehow cover this hole, is there a way?

So you yourself opened access to everyone.
Solution:
0) fail2ban implementation based on address sheets (3 attempts, if not successful - temporary ban)
1) complex passwords
2) white lists of ip addresses from which you can connect (if the addresses are not static, then only option 1 remains)
3) all previous options together

X

Xander Milonovsky, 2019-07-10
@crilaxes

l2tp/ipsec, while the clientele is small, then it will be more difficult to transfer everyone if the company plans to scale.