Instant Guard IPsec VPN Log Showing Regular Access Attempts

Ceejus

Occasional Visitor
For the past 7 days now, I've seen what appear to be intermittent access attempts in my Instant Guard log. The most recent from today:

Mar 3 07:47:55 06[NET] received packet: from 45.83.66.29[27647] to 96.x.x.x[500] (336 bytes)
Mar 3 07:47:55 06[ENC] parsed ID_PROT request 0 [ SA ]
Mar 3 07:47:55 06[IKE] 45.83.66.29 is initiating a Main Mode IKE_SA
Mar 3 07:47:55 06[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_768, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_768, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_768, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_768
Mar 3 07:47:55 06[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/CURVE_25519/CURVE_448/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/CHACHA20_POLY1305/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/CURVE_25519/CURVE_448/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
Mar 3 07:47:55 06[IKE] no proposal found
Mar 3 07:47:55 06[ENC] generating INFORMATIONAL_V1 request 2439795631 [ N(NO_PROP) ]
Mar 3 07:47:55 06[NET] sending packet: from 96.x.x.x[500] to 45.83.66.29[27647] (56 bytes)
Mar 3 07:47:56 05[NET] received packet: from 45.83.64.14[2490] to 96.x.x.x[500] (336 bytes)
Mar 3 07:47:56 05[ENC] parsed ID_PROT request 0 [ SA ]
Mar 3 07:47:56 05[IKE] 45.83.64.14 is initiating a Main Mode IKE_SA
Mar 3 07:47:56 05[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_768, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_768, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_768, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_768
Mar 3 07:47:56 05[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/CURVE_25519/CURVE_448/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/CHACHA20_POLY1305/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/CURVE_25519/CURVE_448/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
Mar 3 07:47:56 05[IKE] no proposal found
Mar 3 07:47:56 05[ENC] generating INFORMATIONAL_V1 request 4055424991 [ N(NO_PROP) ]
Mar 3 07:47:56 05[NET] sending packet: from 96.x.x.x[500] to 45.83.64.14[2490] (56 bytes)
Mar 3 09:52:39 08[NET] received packet: from 58.212.237.74[59330] to 96.x.x.x[500] (216 bytes)
Mar 3 09:52:39 08[ENC] parsed IKE_SA_INIT request 0 [ SA KE No ]
Mar 3 09:52:39 08[IKE] 58.212.237.74 is initiating an IKE_SA
Mar 3 09:52:39 08[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_384
Mar 3 09:52:39 08[IKE] sending cert request for "C=TW, O=ASUS, CN=ASUS x Root CA"
Mar 3 09:52:39 08[ENC] generating IKE_SA_INIT response 0 [ SA KE No CERTREQ N(CHDLESS_SUP) N(MULT_AUTH) V ]
Mar 3 09:52:39 08[NET] sending packet: from 96.x.x.x[500] to 58.212.237.74[59330] (277 bytes)
Mar 3 09:52:41 07[NET] received packet: from 220.250.10.45[18217] to 96.x.x.x[500] (216 bytes)
Mar 3 09:52:41 07[IKE] received retransmit of request with ID 0, retransmitting response
Mar 3 09:52:41 07[NET] sending packet: from 96.x.x.x[500] to 220.250.10.45[18217] (277 bytes)
Mar 3 09:53:09 06[JOB] deleting half open IKE_SA with 58.212.237.74 after timeout
Mar 3 12:25:42 06[NET] received packet: from 167.248.133.53[42805] to 96.x.x.x[500] (336 bytes)
Mar 3 12:25:42 06[ENC] parsed ID_PROT request 0 [ SA ]
Mar 3 12:25:42 06[IKE] 167.248.133.53 is initiating a Main Mode IKE_SA
Mar 3 12:25:42 06[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_768, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_768, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_768, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_768, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Mar 3 12:25:42 06[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/CURVE_25519/CURVE_448/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/CHACHA20_POLY1305/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/CURVE_25519/CURVE_448/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
Mar 3 12:25:42 06[IKE] no proposal found
Mar 3 12:25:42 06[ENC] generating INFORMATIONAL_V1 request 630577843 [ N(NO_PROP) ]
Mar 3 12:25:42 06[NET] sending packet: from 96.x.x.x[500] to 167.248.133.53[42805] (56 bytes)
Mar 3 12:25:42 05[NET] received packet: from 167.248.133.53[56982] to 96.x.x.x[500] (392 bytes)
Mar 3 12:25:42 05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No ]
Mar 3 12:25:42 05[IKE] 167.248.133.53 is initiating an IKE_SA
Mar 3 12:25:42 05[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_3072
Mar 3 12:25:42 05[IKE] DH group MODP_768 unacceptable, requesting MODP_3072
Mar 3 12:25:42 05[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) V ]
Mar 3 12:25:42 05[NET] sending packet: from 96.x.x.x[500] to 167.248.133.53[56982] (58 bytes)
Mar 3 12:25:42 08[NET] received packet: from 167.248.133.53[59685] to 96.x.x.x[500] (680 bytes)
Mar 3 12:25:42 08[ENC] parsed IKE_SA_INIT request 0 [ SA KE No ]
Mar 3 12:25:42 08[IKE] 167.248.133.53 is initiating an IKE_SA
Mar 3 12:25:42 08[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_3072
Mar 3 12:25:42 08[IKE] sending cert request for "C=TW, O=ASUS, CN=ASUS x Root CA"
Mar 3 12:25:42 08[ENC] generating IKE_SA_INIT response 0 [ SA KE No CERTREQ N(CHDLESS_SUP) N(MULT_AUTH) V ]
Mar 3 12:25:42 08[NET] sending packet: from 96.x.x.x[500] to 167.248.133.53[59685] (561 bytes)
Mar 3 12:26:12 06[JOB] deleting half open IKE_SA with 167.248.133.53 after timeout

This looks highly suspicious to me. The only device I have set up to access Instant Guard is my phone, which I have not yet used Instant Guard on. I can't possibly think of any other valid reason for this activity beyond someone out there attempting to gain unauthorized access into my LAN through Instant Guard, though perhaps there is a logical explanation here?
 
Normal port scanning. Welcome to the internet.
So bad actors finding the IKE and NAT-T ports open during port scans in other words. Reason to be concerned? I suppose I could just shut down IPsec altogether since I already use OpenVPN and Wireguard. Wanted to keep all three running as backup options.
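
An added example, not part of the original thread: a triage script that summarizes a log in the format quoted above per source address, separating negotiations that failed or timed out from any that completed. The sample lines are constructed with documentation-range addresses, and the "established between" match assumes stock strongSwan wording, which does not appear in the quoted log.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log lines quoted in the thread.
SAMPLE_LOG = """\
Mar 3 07:47:55 06[NET] received packet: from 198.51.100.7[27647] to 192.0.2.1[500] (336 bytes)
Mar 3 07:47:55 06[IKE] 198.51.100.7 is initiating a Main Mode IKE_SA
Mar 3 07:47:55 06[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_768
Mar 3 07:47:55 06[IKE] no proposal found
Mar 3 09:52:39 08[NET] received packet: from 203.0.113.9[59330] to 192.0.2.1[500] (216 bytes)
Mar 3 09:52:39 08[IKE] 203.0.113.9 is initiating an IKE_SA
Mar 3 09:52:39 08[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_384
Mar 3 09:53:09 06[JOB] deleting half open IKE_SA with 203.0.113.9 after timeout
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) (\d+)\[(\w+)\] (.*)$")
FROM = re.compile(r"received packet: from ([\d.]+)\[\d+\]")
INIT = re.compile(r"([\d.]+) is initiating an? (Main Mode )?IKE_SA")
HALF = re.compile(r"deleting half open IKE_SA with ([\d.]+) after timeout")
# Legacy algorithms typical of scanner offers; "DES_CBC" also matches 3DES_CBC.
WEAK = ("DES_CBC", "HMAC_MD5", "MODP_768", "MODP_1024")

def summarize(log_text):
    peers = defaultdict(lambda: {"ikev1": 0, "ikev2": 0, "no_proposal": 0,
                                 "half_open": 0, "established": 0, "weak_offer": False})
    last_peer = {}  # worker thread id -> peer of the last packet it received
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _, thread, _, msg = m.groups()
        if (f := FROM.search(msg)):
            last_peer[thread] = f.group(1)
        elif (i := INIT.search(msg)):
            peers[i.group(1)]["ikev1" if i.group(2) else "ikev2"] += 1
        elif (h := HALF.search(msg)):  # logged by a different thread, so use the IP in the text
            peers[h.group(1)]["half_open"] += 1
        elif thread in last_peer:      # lines without an IP belong to the thread's last peer
            p = peers[last_peer[thread]]
            if msg.startswith("received proposals:"):
                p["weak_offer"] |= any(w in msg for w in WEAK)
            elif msg == "no proposal found":
                p["no_proposal"] += 1
            elif " established between " in msg:  # assumed stock strongSwan wording
                p["established"] += 1
    return dict(peers)

def needs_attention(summary):
    """Peers that completed an IKE_SA; rejected or timed-out probes are excluded."""
    return sorted(ip for ip, s in summary.items() if s["established"])
```

An empty `needs_attention` result means every logged peer was rejected at proposal selection or timed out before authenticating.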