Block IP from accessing VPN?

eddiez

Senior Member
Issue:
I have one Chinese IP that is daily 'probing' my PPTP VPN connection. Is there a way to block this IP from even accessing (appears to be from an elementary school...)?

Log entry:
Nov 1 14:59:29 pptpd[13774]: CTRL: Client 123.151.42.61 control connection started
Nov 1 14:59:29 pptpd[13774]: CTRL: EOF or bad error reading ctrl packet length.
Nov 1 14:59:29 pptpd[13774]: CTRL: couldn't read packet header (exit)
Nov 1 14:59:29 pptpd[13774]: CTRL: CTRL read failed
Nov 1 14:59:29 pptpd[13774]: CTRL: Client 123.151.42.61 control connection finished
 
Create a /jffs/scripts/firewall-start script like so:
Code:
#!/bin/sh

iptables -I INPUT -s 123.151.42.61 -j logdrop
 
This is a list of sources that have tried to hack me. A mixture of individual IPs or where appropriate entire ranges.;)
Code:
#!/bin/sh

iptables -I INPUT -s 45.118.135.107   -j logdrop
iptables -I INPUT -s 66.240.213.93    -j logdrop
iptables -I INPUT -s 72.55.191.222    -j logdrop
iptables -I INPUT -s 77.247.181.162   -j logdrop
iptables -I INPUT -s 80.85.84.75      -j logdrop
iptables -I INPUT -s 104.130.19.164   -j logdrop

# China
iptables -I INPUT -s 14.215.176.148   -j logdrop
iptables -I INPUT -s 14.215.176.149   -j logdrop
iptables -I INPUT -s 42.120.128.0/17  -j logdrop
iptables -I INPUT -s 42.156.128.0/17  -j logdrop
iptables -I INPUT -s 59.174.0.0/15    -j logdrop
iptables -I INPUT -s 113.240.250.156  -j logdrop
iptables -I INPUT -s 118.193.24.0/21  -j logdrop
iptables -I INPUT -s 123.151.148.0/22 -j logdrop
iptables -I INPUT -s 139.162.37.156   -j logdrop
iptables -I INPUT -s 139.162.174.88   -j logdrop
iptables -I INPUT -s 171.36.0.0/14    -j logdrop
iptables -I INPUT -s 175.16.0.0/13    -j logdrop
iptables -I INPUT -s 183.60.48.25     -j logdrop
iptables -I INPUT -s 223.152.233.43   -j logdrop
iptables -I INPUT -s 223.152.252.237  -j logdrop

# census[0-12].shodan.io
iptables -N logshodan
iptables -A logshodan -j LOG --log-prefix "SHODAN "
iptables -A logshodan -j DROP

iptables -I INPUT -s 198.20.87.98   -j logshodan
iptables -I INPUT -s 216.117.2.180  -j logshodan
iptables -I INPUT -s 198.20.69.74   -j logshodan
iptables -I INPUT -s 198.20.69.98   -j logshodan
iptables -I INPUT -s 198.20.70.114  -j logshodan
iptables -I INPUT -s 198.20.99.130  -j logshodan
iptables -I INPUT -s 93.120.27.62   -j logshodan
iptables -I INPUT -s 66.240.236.119 -j logshodan
iptables -I INPUT -s 71.6.135.131   -j logshodan
iptables -I INPUT -s 66.240.192.138 -j logshodan
iptables -I INPUT -s 71.6.167.142   -j logshodan
iptables -I INPUT -s 82.221.105.6   -j logshodan
iptables -I INPUT -s 82.221.105.7   -j logshodan
iptables -I INPUT -s 71.6.165.200   -j logshodan
iptables -I INPUT -s 71.6.146.185   -j logshodan
iptables -I INPUT -s 71.6.158.166   -j logshodan
iptables -I INPUT -s 85.25.43.94    -j logshodan
iptables -I INPUT -s 85.25.103.50   -j logshodan
iptables -I INPUT -s 188.138.9.50   -j logshodan
iptables -I INPUT -s 93.174.95.0/24 -j logshodan
iptables -I INPUT -s 94.102.49.0/24 -j logshodan
 
Issue:
I have one Chinese IP that is daily 'probing' my PPTP VPN connection. Is there a way to block this IP from even accessing (appears to be from an elementary school...)?

Any exposed TCP port is going to be knocked on - these are scripts run from server farms around the world... TCP is fast as it does the handshake - so the script rattles the knob, and moves on...

It's not a directed attack just on your PPTP server...

Which being PPTP, probably isn't a good choice these days, in any event...

Actually these days - one must evaluate the need to expose any services in light of the Mirai attacks - the home router is not just the Gateway, it's also the Firewall, and one must understand that - and what is opened up for incoming traffic...
 
Trying to block everyone hitting a public port is mostly a waste of time, because you will have to add new IPs on a daily basis.

This is what the Internet is in 2016 - best you can do is ensure that any exposed service is secured, with secure login info.
 
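Added example, not part of any post in this thread: to see which sources are actually rattling the PPTP port before deciding whether a firewall-start rule is worth it, this script pairs pptpd log lines by process ID, counts failed control connections per client IP, and prints rules in the style shown above. The function names, the threshold of 3 and the sample lines are assumptions made for illustration; the `logdrop` target is taken from the posts above.

```sh
#!/bin/sh
# Added example: count failed PPTP control connections per client IP.
# Assumption: a "probe" is a connection whose pptpd process logged
# "CTRL read failed" before "control connection finished".

pptp_probe_counts() {
    # stdin: syslog text; stdout: "<count> <ip>", highest count first.
    awk '
    {
        tag = ""; ip = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^pptpd\[[0-9]+\]:$/) tag = $i   # one PID per connection
            if ($i == "Client" && i < NF) ip = $(i + 1)
        }
        if (tag == "") next                            # not a pptpd line
    }
    /control connection started/ {
        # Accept only a dotted quad so raw log text never reaches a rule.
        if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { client[tag] = ip; failed[tag] = 0 }
        next
    }
    /CTRL read failed/ { if (tag in client) failed[tag] = 1; next }
    /control connection finished/ {
        if ((tag in client) && failed[tag]) probes[client[tag]]++
        delete client[tag]; delete failed[tag]
    }
    END { for (ip in probes) print probes[ip], ip }
    ' | sort -k1,1nr -k2,2
}

pptp_block_rules() {
    # $1: minimum probe count (default 3); prints firewall-start lines.
    pptp_probe_counts | awk -v min="${1:-3}" \
        '$1 >= min { print "iptables -I INPUT -s " $2 " -j logdrop" }'
}

sample_log() {   # constructed log lines in the format quoted in the thread
    for pid in 101 102 103; do
        printf 'Nov 1 14:59:29 pptpd[%s]: CTRL: Client 123.151.42.61 control connection started\n' "$pid"
        printf 'Nov 1 14:59:29 pptpd[%s]: CTRL: CTRL read failed\n' "$pid"
        printf 'Nov 1 14:59:29 pptpd[%s]: CTRL: Client 123.151.42.61 control connection finished\n' "$pid"
    done
    # Completed without a read failure: not counted as a probe.
    printf 'Nov 1 15:02:10 pptpd[104]: CTRL: Client 192.0.2.10 control connection started\n'
    printf 'Nov 1 15:40:00 pptpd[104]: CTRL: Client 192.0.2.10 control connection finished\n'
    # A single failed connection: counted, but below the default threshold.
    printf 'Nov 1 16:00:00 pptpd[105]: CTRL: Client 198.51.100.7 control connection started\n'
    printf 'Nov 1 16:00:00 pptpd[105]: CTRL: CTRL read failed\n'
    printf 'Nov 1 16:00:01 pptpd[105]: CTRL: Client 198.51.100.7 control connection finished\n'
}
```

Running `sample_log | pptp_block_rules` prints a single rule for 123.151.42.61; on the router, pipe the system log into `pptp_probe_counts` instead of the sample.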