What is PPTPD?

xaviercharles

Regular Contributor
I noticed in my System Log that there are PPTPD entries, including the following concerning ones:

Oct 10 21:12:34 pptpd[928]: CTRL: Client 183.60.48.25 control connection started
Oct 10 21:12:34 pptpd[928]: CTRL: EOF or bad error reading ctrl packet length.
Oct 10 21:12:34 pptpd[928]: CTRL: couldn't read packet header (exit)
Oct 10 21:12:34 pptpd[928]: CTRL: CTRL read failed


Oct 12 21:11:10 pptpd[1128]: CTRL: Client 183.60.48.25 control connection started
Oct 12 21:11:10 pptpd[1128]: CTRL: EOF or bad error reading ctrl packet length.
Oct 12 21:11:10 pptpd[1128]: CTRL: couldn't read packet header (exit)
Oct 12 21:11:10 pptpd[1128]: CTRL: CTRL read failed
Oct 12 21:11:10 pptpd[1128]: CTRL: Client 183.60.48.25 control connection finished

Oct 13 21:18:54 pptpd[1225]: CTRL: Client 183.60.48.25 control connection started
Oct 13 21:18:54 pptpd[1225]: CTRL: EOF or bad error reading ctrl packet length.
Oct 13 21:18:54 pptpd[1225]: CTRL: couldn't read packet header (exit)
Oct 13 21:18:54 pptpd[1225]: CTRL: CTRL read failed
Oct 13 21:18:54 pptpd[1225]: CTRL: Client 183.60.48.25 control connection finished

Oct 14 21:18:47 pptpd[1322]: CTRL: Client 183.60.48.25 control connection started
Oct 14 21:18:47 pptpd[1322]: CTRL: EOF or bad error reading ctrl packet length.
Oct 14 21:18:47 pptpd[1322]: CTRL: couldn't read packet header (exit)
Oct 14 21:18:47 pptpd[1322]: CTRL: CTRL read failed
Oct 14 21:18:47 pptpd[1322]: CTRL: Client 183.60.48.25 control connection finished

Oct 15 04:17:29 pptpd[1351]: CTRL: Client 206.47.252.49 control connection started
Oct 15 04:17:29 pptpd[1351]: CTRL: EOF or bad error reading ctrl packet length.
Oct 15 04:17:29 pptpd[1351]: CTRL: couldn't read packet header (exit)
Oct 15 04:17:29 pptpd[1351]: CTRL: CTRL read failed
Oct 15 04:17:29 pptpd[1351]: CTRL: Client 206.47.252.49 control connection finished

Oct 15 21:17:23 pptpd[1422]: CTRL: Client 183.60.48.25 control connection started
Oct 15 21:17:23 pptpd[1422]: CTRL: EOF or bad error reading ctrl packet length.
Oct 15 21:17:23 pptpd[1422]: CTRL: couldn't read packet header (exit)
Oct 15 21:17:23 pptpd[1422]: CTRL: CTRL read failed
Oct 15 21:17:23 pptpd[1422]: CTRL: Client 183.60.48.25 control connection finished

Oct 17 21:17:23 pptpd[1666]: CTRL: Client 183.60.48.25 control connection started
Oct 17 21:17:23 pptpd[1666]: CTRL: EOF or bad error reading ctrl packet length.
Oct 17 21:17:23 pptpd[1666]: CTRL: couldn't read packet header (exit)
Oct 17 21:17:23 pptpd[1666]: CTRL: CTRL read failed
Oct 17 21:17:23 pptpd[1666]: CTRL: Client 183.60.48.25 control connection finished

I've run a reverse IP lookup on both 183.60.48.25 and 206.47.252.49.

183.60.48.25 seems to be from China Telecom Guangdong.

206.47.252.49 seems to be from Bell Canada.
 
It's the PPTP VPN server, which comes with both stock and modded firmwares. You probably enabled it, and random people are trying to connect to it in hope of being able to get in.

You shouldn't enable VPN servers if you're not using them, as this is a potential security risk.
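
Added example (not part of the original posts and not code from the router firmware): a small Python summary of pptpd control-connection log lines like the ones quoted in this thread, counting per client how many connections ended before a PPTP packet header was read. The sample lines are constructed with documentation addresses, and grouping lines by the pid in the pptpd[pid] tag is an assumption based on the log above, where each connection shows its own pid.

```python
import re
from collections import defaultdict

# Constructed sample in the pptpd log format quoted in this thread.
# Addresses are RFC 5737 documentation addresses, not real clients.
SAMPLE_LOG = """\
Oct 10 21:12:34 pptpd[928]: CTRL: Client 192.0.2.25 control connection started
Oct 10 21:12:34 pptpd[928]: CTRL: EOF or bad error reading ctrl packet length.
Oct 10 21:12:34 pptpd[928]: CTRL: couldn't read packet header (exit)
Oct 12 21:11:10 pptpd[1128]: CTRL: Client 192.0.2.25 control connection started
Oct 12 21:11:10 pptpd[1128]: CTRL: EOF or bad error reading ctrl packet length.
Oct 12 21:11:10 pptpd[1128]: CTRL: couldn't read packet header (exit)
Oct 12 21:11:10 pptpd[1128]: CTRL: CTRL read failed
Oct 12 21:11:10 pptpd[1128]: CTRL: Client 192.0.2.25 control connection finished
Oct 15 04:17:29 pptpd[1351]: CTRL: Client 198.51.100.49 control connection started
Oct 15 04:17:29 pptpd[1351]: CTRL: EOF or bad error reading ctrl packet length.
Oct 15 04:17:29 pptpd[1351]: CTRL: Client 198.51.100.49 control connection finished
Oct 16 09:00:01 pptpd[1500]: CTRL: Client 203.0.113.7 control connection started
Oct 16 09:05:42 pptpd[1500]: CTRL: Client 203.0.113.7 control connection finished
"""

LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} pptpd\[(\d+)\]: CTRL: (.*)$")
START_RE = re.compile(r"^Client (\S+) control connection started$")
ABORT_MARKERS = ("EOF or bad error reading ctrl packet length", "couldn't read packet header")

def summarize_pptpd(log_text):
    """Return {client_ip: {"sessions": n, "aborted": m}} for pptpd CTRL lines."""
    stats = defaultdict(lambda: {"sessions": 0, "aborted": 0})
    client_of = {}   # pid from the pptpd[pid] tag -> client IP (assumed one pid per connection)
    aborted = set()  # pids already counted, so each connection counts once
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        pid, msg = m.groups()
        start = START_RE.match(msg)
        if start:
            client_of[pid] = start.group(1)
            aborted.discard(pid)  # a reused pid begins a fresh connection
            stats[client_of[pid]]["sessions"] += 1
        elif pid in client_of and pid not in aborted and msg.startswith(ABORT_MARKERS):
            aborted.add(pid)
            stats[client_of[pid]]["aborted"] += 1
    return dict(stats)

def probe_sources(log_text, min_aborted=2):
    """Clients with at least min_aborted connections that never sent a header."""
    return sorted(ip for ip, s in summarize_pptpd(log_text).items() if s["aborted"] >= min_aborted)
```

The first sample connection has no "finished" line, matching the first block in the log above, so the count does not depend on seeing one.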
 
I was getting the same from the .25 address. As I use the VPN, I added a rule to not allow connections from it:


DROP all -- 183.60.48.25 anywhere


Are these addresses targeting the free Asus DNS domain?
 

No, because they have no way of having a list of the registered hostnames. This is most likely just a random port scanner targeting large IP ranges.
 
Hi,

I'm a NOOB here, just joined because of exactly the same issue.

I'm also new to the RT-N66U, only had it a couple of months so not familiar with my way around it yet.

I'm currently running Asus 3.0.0.4.374_979 and seeing regular attempts from 183.60.48.25 to gain access to my VPN.

You mention a rule: DROP all -- 183.60.48.25 anywhere - how do I implement it please? Can I block an entire class C or B? Do I need to upgrade to Merlin firmware? The latest Asus 2239? or simply in the current firmware?

As an answer to a previous comment above - I'm not on the free Asus DNS domain but my own static IP. Maybe they're attacking everyone!?!

Sorry for so many questions!

Regards

Aaron
 
