What's new

Was I being Hacked?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

JT Strickland

Very Senior Member
I was doing a periodic check on my router, and saw there were 3 then 2 then 1 then 0 UNDEF users logged into my VPN server, and only one person, my accountant, is supposed to come in that door.
I checked my log, and it was filled with these, with varying addresses:

Sep 28 04:38:52 RT-AX86U-CB28 ovpn-server1[5343]: 45.164.16.135:80 TLS: Initial packet from [AF_INET]45.164.16.135:80 (via [AF_INET].xxx.xxx.xxx%eth0), sid=xxxxxxxx xxxxxxxx
Sep 28 04:39:52 RT-AX86U-CB28 ovpn-server1[5343]: 45.164.16.135:80 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sep 28 04:39:52 RT-AX86U-CB28 ovpn-server1[5343]: 45.164.16.135:80 TLS Error: TLS handshake failed
Sep 28 04:39:52 RT-AX86U-CB28 ovpn-server1[5343]: 45.164.16.135:80 SIGUSR1[soft,tls-error] received, client-instance restarting

I turned off access to the server, then turned off the server. Scared me, never have seen that before. About all of them were from port 5343, or I assume that's what that is, but the IP varied.
Am I got?
 
It seems somebody found your port and is probing it. Everything is working as intended (TLS negotiation failed) because they didn't authenticate and weren't permitted a connection.

When this happened to me I switched external ports (to a higher port number).
 
Thanks, I will try that. I knew that had "wrong" wrote all over it.
Knowing me, I probably posted that port number.
 
Last edited:
Don't trust accountants!
 
You're using port 80. Tons of bots will scan ports 80/443, so that's a bad idea.
I thought I had changed that, but I will now!
I expected Skynet would catch it, but I suppose it didn't because they were coming in through openvpn.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top