Unknown connections

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
amn3132
Posts: 1
Joined: Tue Oct 23, 2018 4:19 pm

Unknown connections

Post by amn3132 » Mon Dec 17, 2018 3:09 pm

I was checking my VPN Server log and founf the following:

2018-12-17 00:27:59.826 On the TCP Listener (Port 5555), a Client (IP address 188.159.92.159, Host name "adsl-188-159-92-159.sabanet.ir", Port number 54743) has connected.
2018-12-17 00:27:59.826 For the client (IP address: 188.159.92.159, host name: "adsl-188-159-92-159.sabanet.ir", port number: 54743), connection "CID-2644" has been created.
2018-12-17 00:27:59.826 Connection "CID-2644" has been terminated.
2018-12-17 00:27:59.826 The connection with the client (IP address 188.159.92.159, Port number 54743) has been disconnected.
2018-12-17 00:56:20.225 On the TCP Listener (Port 5555), a Client (IP address 27.105.232.115, Host name "27-105-232-115-adsl-KHH.dynamic.so-net.net.tw", Port number 59753) has connected.
2018-12-17 00:56:20.225 For the client (IP address: 27.105.232.115, host name: "27-105-232-115-adsl-KHH.dynamic.so-net.net.tw", port number: 59753), connection "CID-2645" has been created.
2018-12-17 00:56:20.225 On the TCP Listener (Port 5555), a Client (IP address 27.105.232.115, Host name "27-105-232-115-adsl-KHH.dynamic.so-net.net.tw", Port number 59756) has connected.
2018-12-17 00:56:20.225 For the client (IP address: 27.105.232.115, host name: "27-105-232-115-adsl-KHH.dynamic.so-net.net.tw", port number: 59756), connection "CID-2646" has been created.
2018-12-17 00:56:20.225 Connection "CID-2646" has been terminated.
2018-12-17 00:56:20.225 The connection with the client (IP address 27.105.232.115, Port number 59756) has been disconnected.
2018-12-17 00:56:22.039 Connection "CID-2645" has been terminated.
2018-12-17 00:56:22.039 The connection with the client (IP address 27.105.232.115, Port number 59753) has been disconnected.
2018-12-17 00:56:22.201 On the TCP Listener (Port 5555), a Client (IP address 27.105.232.115, Host name "27-105-232-115-adsl-KHH.dynamic.so-net.net.tw", Port number 59763) has connected.
2018-12-17 00:56:22.201 For the client (IP address: 27.105.232.115, host name: "27-105-232-115-adsl-KHH.dynamic.so-net.net.tw", port number: 59763), connection "CID-2647" has been created.
2018-12-17 00:56:22.201 Connection "CID-2647" has been terminated.
2018-12-17 00:56:22.201 The connection with the client (IP address 27.105.232.115, Port number 59763) has been disconnected.
2018-12-17 00:56:24.390 On the TCP Listener (Port 5555), a Client (IP address 27.105.232.115, Host name "27-105-232-115-adsl-KHH.dynamic.so-net.net.tw", Port number 59770) has connected.
2018-12-17 00:56:24.390 For the client (IP address: 27.105.232.115, host name: "27-105-232-115-adsl-KHH.dynamic.so-net.net.tw", port number: 59770), connection "CID-2648" has been created.
2018-12-17 00:56:24.390 Connection "CID-2648" has been terminated.

These connections are unknown to me. Apparently it seems they get connected for a moment and then disconnected. I am using the maximum security for connections as suggested by SoftEther. Can someone explain it please?

davidebeatrici
Posts: 33
Joined: Tue Aug 28, 2018 6:44 am

Re: Unknown connections

Post by davidebeatrici » Mon Dec 17, 2018 7:10 pm

That is usually the result of bots which scan various ports, usually only known numbers (5555 is associated to SoftEther VPN), on a lot of IP addresses.

Since I don't see any connection attempts on port 443 (HTTPS), which is one of the most scanned ports along with 80 (HTTP), I assume that you disabled it.

Stopping or deleting the listener on port 5555 would probably help, as bots rarely scan ports which are not known.

By the way, those connection attempts are not harmful, as the server rejects them immediately as soon as it detects that the request doesn't come from SoftEther VPN Client.

Post Reply