Skynet 185.200.118.0/24 ban range - OpenVPN server intrusion attempts

  • ATTENTION! You'll notice a Prefix dropdown when you create a thread. If your post applies to one of the topics listed, please use that Prefix for your post. When browsing the thread list you can use the Prefix to filter the view.
  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

kernol

Very Senior Member
Just curious ... my openvpn.log includes daily attempts from random ip's within the above range.
Some of the ip's used [like the most recent 185.200.118.83] are in the skynet blacklist - while others are not - so I opted to "ban" the entire range.
Despite being in the skynet blacklist - the ip address mentioned was not blocked by skynet - but the login attempt failed anyway.

Anyone else being hit by the range mentioned?
 

AndreiV

Very Senior Member
I saw your reports on Abuse IPBD just now , that IP was auto banned by TURRIS a few days ago. I have seen it in the mini pot and honeypot this morning trying multiple credential attacks.

This one 80.243.181.81 needs watching, 223 attempts on SSH in the honey pot so far today.
 

JaimeZX

Senior Member
Negative on any of my routers, thanks for pointing it out. :)
 

ColinTaylor

Part of the Furniture
I had been blocking that range. But moving the OpenVPN server to a non-standard port solves the problem without requiring any scripts. ;)

 
Last edited:

kernol

Very Senior Member
I had been blocking that range. But moving the OpenVPN server to a non-standard port solves the problem without requiring any scripts. ;)

Thanks Colin - always best to use non-standard ports I guess ... so thanks for that reminder :cool:.
ISP should action - offender not just port scanning ... definitely trying to intrude :mad:!
 

CaptainSTX

Part of the Furniture
Just curious ... my openvpn.log includes daily attempts from random ip's within the above range.
Some of the ip's used [like the most recent 185.200.118.83] are in the skynet blacklist - while others are not - so I opted to "ban" the entire range.
Despite being in the skynet blacklist - the ip address mentioned was not blocked by skynet - but the login attempt failed anyway.

Anyone else being hit by the range mentioned?
Nothing in my logs from that IP or range.

Only one attempt on the port my server is using.
 

octopus

Very Senior Member
Just curious ... my openvpn.log includes daily attempts from random ip's within the above range.
Some of the ip's used [like the most recent 185.200.118.83] are in the skynet blacklist - while others are not - so I opted to "ban" the entire range.
Despite being in the skynet blacklist - the ip address mentioned was not blocked by skynet - but the login attempt failed anyway.

Anyone else being hit by the range mentioned?
I get some hits to:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
79 3190 DROP all -- eth0 any no-mans-land.m247.com/24 anywhere
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top