Skynet 185.200.118.0/24 ban range - OpenVPN server intrusion attempts

kernol

Very Senior Member
Just curious ... my openvpn.log includes daily attempts from random IPs within the above range.
Some of the IPs used [like the most recent 185.200.118.83] are in the skynet blacklist - while others are not - so I opted to "ban" the entire range.
Despite being in the skynet blacklist - the ip address mentioned was not blocked by skynet - but the login attempt failed anyway.

Anyone else being hit by the range mentioned?
 
I saw your reports on AbuseIPDB just now, that IP was auto banned by TURRIS a few days ago. I have seen it in the mini pot and honeypot this morning trying multiple credential attacks.

This one 80.243.181.81 needs watching, 223 attempts on SSH in the honey pot so far today.
 
Negative on any of my routers, thanks for pointing it out. :)
 
I had been blocking that range. But moving the OpenVPN server to a non-standard port solves the problem without requiring any scripts. ;)


> I had been blocking that range. But moving the OpenVPN server to a non-standard port solves the problem without requiring any scripts. ;)

Thanks Colin - always best to use non-standard ports I guess ... so thanks for that reminder :cool:.
ISP should action - offender not just port scanning ... definitely trying to intrude :mad:!
 
> Just curious ... my openvpn.log includes daily attempts from random IPs within the above range.
> Some of the IPs used [like the most recent 185.200.118.83] are in the skynet blacklist - while others are not - so I opted to "ban" the entire range.
> Despite being in the skynet blacklist - the ip address mentioned was not blocked by skynet - but the login attempt failed anyway.
>
> Anyone else being hit by the range mentioned?

Nothing in my logs from that IP or range.

Only one attempt on the port my server is using.
 
> Just curious ... my openvpn.log includes daily attempts from random IPs within the above range.
> Some of the IPs used [like the most recent 185.200.118.83] are in the skynet blacklist - while others are not - so I opted to "ban" the entire range.
> Despite being in the skynet blacklist - the ip address mentioned was not blocked by skynet - but the login attempt failed anyway.
>
> Anyone else being hit by the range mentioned?

I get some hits to:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
79 3190 DROP all -- eth0 any no-mans-land.m247.com/24 anywhere
 
