Security problems

Posted: Wed Sep 25, 2013 1:05 pm
by AnViar
I see a lot of system log records from different IPs:
13:22:16 pptp,info TCP connection established from 204.93.154.194 
13:22:16 pptp,ppp,info <pptp-0>: waiting for call... 
13:22:16 pptp,ppp,info <pptp-0>: terminating... - cntrl message too big 
13:22:16 pptp,ppp,info <pptp-0>: disconnected 
13:22:16 pptp,info TCP connection established from 204.93.154.194 
13:22:16 pptp,ppp,info <pptp-0>: waiting for call... 
13:22:16 pptp,ppp,info <pptp-0>: terminating... - cntrl message too big 
13:22:17 pptp,ppp,info <pptp-0>: disconnected 
13:22:17 pptp,info TCP connection established from 204.93.154.194 
13:22:17 pptp,ppp,info <pptp-0>: waiting for call... 
13:22:17 pptp,ppp,info <pptp-0>: terminating... - cntrl message too big 
13:22:17 pptp,ppp,info <pptp-0>: disconnected 
13:22:17 pptp,info TCP connection established from 204.93.154.194 
13:22:17 pptp,ppp,info <pptp-0>: waiting for call... 
13:22:22 pptp,ppp,info <pptp-0>: terminating... - disconnected 
13:22:23 pptp,ppp,info <pptp-0>: disconnected 
Q: Why does the pptp daemon continue to listen on the port? The PPTP server is not in the configuration.
Firmware version: 6.4

Re: Security problems

Posted: Sat Sep 28, 2013 10:21 am
by jaykay2342
Leaving aside that the daemon should not listen, I suggest filtering everything you don't need. We have a few firewall rules in the input chain to allow SSH and HTTPS from our management network. On some devices we have rules to allow GRE or API from specific sources. At the bottom is a rule to reject UDP and TCP traffic, and everything else gets dropped.
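
An added example, not part of jaykay2342's post and not their actual rules: one way to write the input-chain policy described above in RouterOS. The address-list names, the documentation-range addresses and the established/related accept rules are assumptions; 8728 is the default API port.

```routeros
# Placeholder address lists (documentation ranges); replace with real sources.
/ip firewall address-list
add list=mgmt address=192.0.2.0/24 comment="management network (placeholder)"
add list=gre-peers address=198.51.100.10 comment="tunnel peer (placeholder)"
add list=api-clients address=198.51.100.20 comment="API client (placeholder)"

/ip firewall filter
# Assumption, not in the post: accept replies to traffic the router itself started.
add chain=input action=accept connection-state=established comment="replies"
add chain=input action=accept connection-state=related comment="related"
# Management: SSH and HTTPS only from the management network.
add chain=input action=accept protocol=tcp dst-port=22,443 src-address-list=mgmt comment="SSH/HTTPS from mgmt"
# Per-device extras: GRE and the API from specific sources.
add chain=input action=accept protocol=gre src-address-list=gre-peers comment="GRE from peers"
add chain=input action=accept protocol=tcp dst-port=8728 src-address-list=api-clients comment="API from clients"
# Bottom of the chain: reject TCP and UDP, drop everything else.
add chain=input action=reject protocol=tcp reject-with=tcp-reset comment="reject other TCP"
add chain=input action=reject protocol=udp reject-with=icmp-port-unreachable comment="reject other UDP"
add chain=input action=drop comment="drop the rest"
```

Rules are evaluated top to bottom, so an older accept rule above these still wins; check the order with `/ip firewall filter print`. With this chain in place, a connection to TCP 1723 from an address outside the lists reaches the reject rule instead of the PPTP service.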

Re: Security problems

Posted: Mon Oct 12, 2015 11:03 am
by berry2012
Hello,

I have a similar problem with my Cloud Core Router, 6.32.2.
My input chain firewall rule to block these IP addresses is not working.
The IP is from China.
I disabled VPN configs and the IP is still establishing connections frequently.
Please, how do I put an end to this?
oct/10 23:39:02 pptp,info TCP connection established from 183.60.48.25
oct/10 23:39:02 pptp,debug,packet rcvd Start-Control-Connection-Request from 183.60.48.25
oct/10 23:39:02 pptp,debug,packet protocol-version=0x0100
oct/10 23:39:02 pptp,debug,packet framing-capabilities=1
oct/10 23:39:02 pptp,debug,packet bearer-capabilities=1
oct/10 23:39:02 pptp,debug,packet maximum-channels=0
oct/10 23:39:02 pptp,debug,packet firmware-revision=0
oct/10 23:39:02 pptp,debug,packet host-name=
oct/10 23:39:02 pptp,debug,packet vendor-name=
oct/10 23:39:02 pptp,debug,packet sent Start-Control-Connection-Reply to 183.60.48.25
oct/10 23:39:02 pptp,debug,packet protocol-version=0x0100
oct/10 23:39:02 pptp,debug,packet result-code=1
oct/10 23:39:02 pptp,debug,packet error-code=0
oct/10 23:39:02 pptp,debug,packet framing-capabilities=2
oct/10 23:39:02 pptp,debug,packet bearer-capabilities=0
oct/10 23:39:02 pptp,debug,packet maximum-channels=0
oct/10 23:39:02 pptp,debug,packet firmware-revision=1
oct/10 23:39:02 pptp,debug,packet host-name=KVPROUTER2
oct/10 23:39:02 pptp,debug,packet vendor-name=MikroTik
oct/10 23:39:02 pptp,ppp,debug <9>: LCP lowerdown
oct/10 23:39:02 pptp,ppp,debug <9>: LCP down event in initial state
oct/11 04:29:10 pptp,info TCP connection established from 141.105.66.185
oct/11 04:29:10 pptp,debug received too big control message, disconnecting
oct/11 04:29:10 pptp,ppp,debug <10>: LCP lowerdown
oct/11 04:29:10 pptp,ppp,debug <10>: LCP down event in initial state
oct/11 08:06:05 pptp,info TCP connection established from 183.60.48.25
oct/11 08:06:05 pptp,debug,packet rcvd Start-Control-Connection-Request from 183.60.48.25
oct/11 08:06:05 pptp,debug,packet protocol-version=0x0100
oct/11 08:06:05 pptp,debug,packet framing-capabilities=1
oct/11 08:06:05 pptp,debug,packet bearer-capabilities=1
oct/11 08:06:05 pptp,debug,packet maximum-channels=0
oct/11 08:06:05 pptp,debug,packet firmware-revision=0
oct/11 08:06:05 pptp,debug,packet host-name=
oct/11 08:06:05 pptp,debug,packet vendor-name=
oct/11 08:06:05 pptp,debug,packet sent Start-Control-Connection-Reply to 183.60.48.25
oct/11 08:06:05 pptp,debug,packet protocol-version=0x0100
oct/11 08:06:05 pptp,debug,packet result-code=1
oct/11 08:06:05 pptp,debug,packet error-code=0
oct/11 08:06:05 pptp,debug,packet framing-capabilities=2
oct/11 08:06:05 pptp,debug,packet bearer-capabilities=0
oct/11 08:06:05 pptp,debug,packet maximum-channels=0
oct/11 08:06:05 pptp,debug,packet firmware-revision=1
oct/11 08:06:05 pptp,debug,packet host-name=KVPROUTER2
oct/11 08:06:05 pptp,debug,packet vendor-name=MikroTik
oct/11 08:06:05 pptp,ppp,debug <11>: LCP lowerdown
oct/11 08:06:05 pptp,ppp,debug <11>: LCP down event in initial state
oct/11 16:33:08 pptp,info TCP connection established from 183.60.48.25
oct/11 16:33:08 pptp,debug,packet rcvd Start-Control-Connection-Request from 183.60.48.25
oct/11 16:33:08 pptp,debug,packet protocol-version=0x0100
oct/11 16:33:08 pptp,debug,packet framing-capabilities=1
oct/11 16:33:08 pptp,debug,packet bearer-capabilities=1
oct/11 16:33:08 pptp,debug,packet maximum-channels=0
oct/11 16:33:08 pptp,debug,packet firmware-revision=0
oct/11 16:33:08 pptp,debug,packet host-name=
oct/11 16:33:08 pptp,debug,packet vendor-name=
oct/11 16:33:08 pptp,debug,packet sent Start-Control-Connection-Reply to 183.60.48.25
oct/11 16:33:08 pptp,debug,packet protocol-version=0x0100
oct/11 16:33:08 pptp,debug,packet result-code=1
oct/11 16:33:08 pptp,debug,packet error-code=0
oct/11 16:33:08 pptp,debug,packet framing-capabilities=2
oct/11 16:33:08 pptp,debug,packet bearer-capabilities=0
oct/11 16:33:08 pptp,debug,packet maximum-channels=0
oct/11 16:33:08 pptp,debug,packet firmware-revision=1
oct/11 16:33:08 pptp,debug,packet host-name=KVPROUTER2
oct/11 16:33:08 pptp,debug,packet vendor-name=MikroTik
oct/11 16:33:08 pptp,ppp,debug <12>: LCP lowerdown
oct/11 16:33:08 pptp,ppp,debug <12>: LCP down event in initial state
01:01:18 pptp,info TCP connection established from 183.60.48.25
01:01:18 pptp,debug,packet rcvd Start-Control-Connection-Request from 183.60.48.25
01:01:18 pptp,debug,packet protocol-version=0x0100
01:01:18 pptp,debug,packet framing-capabilities=1
01:01:18 pptp,debug,packet bearer-capabilities=1
01:01:18 pptp,debug,packet maximum-channels=0
01:01:18 pptp,debug,packet firmware-revision=0
01:01:18 pptp,debug,packet host-name=
01:01:18 pptp,debug,packet vendor-name=
01:01:18 pptp,debug,packet sent Start-Control-Connection-Reply to 183.60.48.25
01:01:18 pptp,debug,packet protocol-version=0x0100
01:01:18 pptp,debug,packet result-code=1
01:01:18 pptp,debug,packet error-code=0
01:01:18 pptp,debug,packet framing-capabilities=2
01:01:18 pptp,debug,packet bearer-capabilities=0
01:01:18 pptp,debug,packet maximum-channels=0
01:01:18 pptp,debug,packet firmware-revision=1
01:01:18 pptp,debug,packet host-name=KVPROUTER2
01:01:18 pptp,debug,packet vendor-name=MikroTik
01:01:18 pptp,ppp,debug <13>: LCP lowerdown
01:01:18 pptp,ppp,debug <13>: LCP down event in initial state
04:14:41 pptp,info TCP connection established from 61.240.144.67
04:15:11 pptp,ppp,debug <14>: LCP lowerdown
04:15:11 pptp,ppp,debug <14>: LCP down event in initial state
04:47:12 pptp,info TCP connection established from 183.60.48.25
04:47:12 pptp,debug,packet rcvd Start-Control-Connection-Request from 183.60.48.25
04:47:12 pptp,debug,packet protocol-version=0x0100
04:47:12 pptp,debug,packet framing-capabilities=1
04:47:12 pptp,debug,packet bearer-capabilities=1
04:47:12 pptp,debug,packet maximum-channels=0
04:47:12 pptp,debug,packet firmware-revision=0
04:47:12 pptp,debug,packet host-name=
04:47:12 pptp,debug,packet vendor-name=
04:47:12 pptp,debug,packet sent Start-Control-Connection-Reply to 183.60.48.25
04:47:12 pptp,debug,packet protocol-version=0x0100
04:47:12 pptp,debug,packet result-code=1
04:47:12 pptp,debug,packet error-code=0
04:47:12 pptp,debug,packet framing-capabilities=2
04:47:12 pptp,debug,packet bearer-capabilities=0
04:47:12 pptp,debug,packet maximum-channels=0
04:47:12 pptp,debug,packet firmware-revision=1
04:47:12 pptp,debug,packet host-name=KVPROUTER2
04:47:12 pptp,debug,packet vendor-name=MikroTik
04:47:12 pptp,ppp,debug <15>: LCP lowerdown
04:47:12 pptp,ppp,debug <15>: LCP down event in initial state