Community discussions

MikroTik App
 
mdadigital
newbie
Topic Author
Posts: 34
Joined: Tue Feb 21, 2023 7:48 pm

Malicious L2TP requests in log

Thu Mar 02, 2023 9:48 pm

Like this
first L2TP UDP packet received from 154.89.5.115
Though I don't have any L2TP server configured. His this just info that some one is trying to connect even though no server exists?

Image

Image
 
mdadigital
newbie
Topic Author
Posts: 34
Joined: Tue Feb 21, 2023 7:48 pm

Re: Malicious L2TP requests in log

Sun Mar 05, 2023 8:38 pm

I really need to help with tnis. I ran a security test and I got this

Image
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: Malicious L2TP requests in log

Sun Mar 05, 2023 10:16 pm

Well, it does seem that even with L2TP server disabled, 1701 is not closed like others, e.g. netmap on unfirewalled device shows:
PORT     STATE         SERVICE
1700/udp closed        mps-raft
1701/udp open|filtered L2TP
1702/udp closed        deskshare
I'm not sure what exactly happens, but you can always use firewall to block access to it.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21303
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Malicious L2TP requests in log

Sun Mar 05, 2023 10:23 pm

Where is your config?????
/export file=anynameyouwish ( minus router serial number and any public WANIP information )

If running vers6 firmware use
/export hide-sensitive file=anynameyouwish ( minus router serial number and any public WANIP information )
 
mdadigital
newbie
Topic Author
Posts: 34
Joined: Tue Feb 21, 2023 7:48 pm

Re: Malicious L2TP requests in log

Mon Mar 06, 2023 4:48 pm

Hey guys. I configured a L2TP VPN and in the process I changed the firewall setting to only accept L2TP packages that are ipsec encrypted. After that I stopped receiving malicious requests in the log. (Have only tried for a while so will keep looking out).

Thanks for feedback btw
 
mrjohn
just joined
Posts: 11
Joined: Mon May 28, 2018 6:13 am

Re: Malicious L2TP requests in log

Wed May 01, 2024 3:47 am

Hi everyone,

I have the same issue. @mdadigital: how to change the firewall setting to only accept L2TP packages that are ipsec encrypted?

Thanks!.

Jo

Who is online

Users browsing this forum: Ahrefs [Bot] and 20 guests