L2tp Ipsec intruders

Posted: Mon Jan 07, 2019 4:09 pm
by nitrohydride
Hi,

I use a VPN (L2TP/IPsec) to connect to my network. I noticed connection attempts from the 216.218.206.X network:
[screenshots attached: vpn1.jpg, vpn3.jpg, vpn2.jpg]
That wasn't me for sure.
Could you tell me how I can block the whole network (visible in the pictures) from attempting to connect to my router?

Re: L2tp Ipsec intruders

Posted: Mon Jan 07, 2019 4:36 pm
by nitrohydride
This network doesn't seem to be on the Bogons list.

Should I block this IP on the forward or input chain?
Actually I have the rule "Drop all from wan" on my input chain. Can someone explain this?

Re: L2tp Ipsec intruders

Posted: Mon Jan 07, 2019 4:47 pm
by emils
These are scans performed by Shadowserver. The scan does not harm you in any way, but if you want, you can obviously block it in your firewall's input chain. However, they have multiple IP addresses and it will be hard to do.

https://isakmpscan.shadowserver.org/

Re: L2tp Ipsec intruders

Posted: Mon Jan 07, 2019 6:07 pm
by nitrohydride
Should I place the rule mentioned by Companion before the accept rules for the VPN?
The order would be like:
/ip firewall filter
add action=drop chain=input in-interface=ether1 src-address=216.218.206.0/24
add action=accept chain=input comment="allow l2tp/ipsec" dst-port=500 in-interface=ether1 protocol=udp
add action=accept chain=input comment="allow l2tp/ipsec" dst-port=4500 in-interface=ether1 protocol=udp
add action=accept chain=input comment="allow l2tp/ipsec" dst-port=1701 in-interface=ether1 protocol=udp
I do understand what emils mentioned; I'm just asking to make sure this is the proper way to block a certain IP from connecting via VPN to my network.
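The ordering above is right: RouterOS evaluates filter rules top to bottom and the first match decides, so the drop has to sit above the VPN accepts. The following is an added RouterOS script (not from the thread) that does the same with an address list, so further scanner ranges can be added without touching the rule order; the /24 is the one named in the thread, ether1 as the WAN interface and the list name are assumptions.

```routeros
# Added example, not part of the thread. Assumes ether1 is the WAN interface.
# Keep blocked sources in an address list: adding another range later means
# one more "add" here, with no change to the filter rule order.
/ip firewall address-list
add list=blocked-vpn-sources address=216.218.206.0/24 comment="range seen in the VPN log (from thread)"

/ip firewall filter
# Rules are matched top to bottom; the first matching rule decides.
add chain=input action=accept connection-state=established,related comment="keep existing sessions"
# The drop must come before the VPN accepts, otherwise the accepts win.
add chain=input action=drop in-interface=ether1 src-address-list=blocked-vpn-sources comment="drop listed sources before VPN accepts"
add chain=input action=accept in-interface=ether1 protocol=udp dst-port=500,4500,1701 comment="allow l2tp/ipsec"
# ESP (protocol 50) is used when there is no NAT between the peers; with NAT-T it travels inside UDP/4500.
add chain=input action=accept in-interface=ether1 protocol=ipsec-esp comment="allow ipsec esp"
# Everything else arriving on the WAN side is dropped, as in the existing "Drop all from wan" rule.
add chain=input action=drop in-interface=ether1 comment="drop all from wan"
```

To confirm the drop rule is the one catching the scans, watch its packet counter with `/ip firewall filter print stats`; if the counter on the drop rule stays at zero while the VPN accepts increase, the rule is placed below them.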