Page 1 of 1

Exessive connection attempts from Amazon AWS servers

Posted: Wed Jan 08, 2020 10:14 am
by ChAoS
Hello

since years I am using softether vpn server.

I installed it on an VPS machine in internet. Additionally I installed a vpn server on a VM instance at home and bridged them together. Since years there was no problem.

At the end of the last year I noticed the HDD of the VPS was full (80 GB). Searching aroud I found very very big logs from the vpnserver. all of them between 100-200 mb -> per day.

I deleted (not reviewed) them all and forgot to search the problem.
Today I noticed the LOG folder got again 20 GB in sice.

I downloaded and reviewed one of the log files and at this time I was very suprised.

There are about exessive connections incoming from amazon aws and other servers (google, gameservers etc.) to my openvpn port.

Code: Select all

2020-01-02 17:11:16.865 OpenVPN Session 2750657 (13.127.184.79:55948 -> [MY-IP-ADDRESS]:1194): A new session is created. Protocol: UDP
2020-01-02 17:11:16.865 OpenVPN Session 2750657 (13.127.184.79:55948 -> [MY-IP-ADDRESS]:1194) Channel 0: A new channel is created.
2020-01-02 17:11:16.905 OpenVPN Session 2750658 (34.93.105.42:45080 -> [MY-IP-ADDRESS]:1194): A new session is created. Protocol: UDP
2020-01-02 17:11:16.905 OpenVPN Session 2750658 (34.93.105.42:45080 -> [MY-IP-ADDRESS]:1194) Channel 0: A new channel is created.
2020-01-02 17:11:16.955 OpenVPN Session 2750351 (13.127.184.79:46876 -> [MY-IP-ADDRESS]:1194): Deleting the session.
2020-01-02 17:11:16.995 OpenVPN Session 2750352 (34.93.105.42:60271 -> [MY-IP-ADDRESS]:1194): Deleting the session.
2020-01-02 17:11:17.086 OpenVPN Session 2750353 (13.127.184.79:29936 -> [MY-IP-ADDRESS]:1194): Deleting the session.
2020-01-02 17:11:17.146 OpenVPN Session 2750354 (34.93.105.42:29898 -> [MY-IP-ADDRESS]:1194): Deleting the session.
2020-01-02 17:11:17.146 OpenVPN Session 2750355 (34.93.105.42:64998 -> [MY-IP-ADDRESS]:1194): Deleting the session.
2020-01-02 17:11:17.177 OpenVPN Session 2750659 (34.93.105.42:17542 -> [MY-IP-ADDRESS]:1194): A new session is created. Protocol: UDP
2020-01-02 17:11:17.177 OpenVPN Session 2750659 (34.93.105.42:17542 -> [MY-IP-ADDRESS]:1194) Channel 0: A new channel is created.
2020-01-02 17:11:17.197 OpenVPN Session 2750660 (34.93.105.42:41914 -> [MY-IP-ADDRESS]:1194): A new session is created. Protocol: UDP
2020-01-02 17:11:17.197 OpenVPN Session 2750660 (34.93.105.42:41914 -> [MY-IP-ADDRESS]:1194) Channel 0: A new channel is created.
2020-01-02 17:11:17.207 OpenVPN Session 2750661 (34.93.105.42:20662 -> [MY-IP-ADDRESS]:1194): A new session is created. Protocol: UDP
2020-01-02 17:11:17.207 OpenVPN Session 2750661 (34.93.105.42:20662 -> [MY-IP-ADDRESS]:1194) Channel 0: A new channel is created.
2020-01-02 17:11:17.227 OpenVPN Session 2750356 (34.93.105.42:22337 -> [MY-IP-ADDRESS]:1194): Deleting the session.
2020-01-02 17:11:17.247 OpenVPN Session 2750357 (13.127.184.79:6455 -> [MY-IP-ADDRESS]:1194): Deleting the session.
2020-01-02 17:11:17.378 OpenVPN Session 2750662 (13.127.184.79:8656 -> [MY-IP-ADDRESS]:1194): A new session is created. Protocol: UDP
2020-01-02 17:11:17.378 OpenVPN Session 2750662 (13.127.184.79:8656 -> [MY-IP-ADDRESS]:1194) Channel 0: A new channel is created.
2020-01-02 17:11:17.449 OpenVPN Session 2750663 (34.93.105.42:46628 -> [MY-IP-ADDRESS]:1194): A new session is created. Protocol: UDP
2020-01-02 17:11:17.449 OpenVPN Session 2750663 (34.93.105.42:46628 -> [MY-IP-ADDRESS]:1194) Channel 0: A new channel is created.
2020-01-02 17:11:17.459 OpenVPN Session 2750358 (13.127.184.79:5781 -> [MY-IP-ADDRESS]:1194): Deleting the session.
2020-01-02 17:11:17.540 OpenVPN Session 2750359 (34.93.105.42:517 -> [MY-IP-ADDRESS]:1194): Deleting the session.
2020-01-02 17:11:17.660 OpenVPN Session 2750360 (34.93.105.42:46551 -> [MY-IP-ADDRESS]:1194): Deleting the session.
2020-01-02 17:11:17.711 OpenVPN Session 2750664 (13.127.184.79:21303 -> [MY-IP-ADDRESS]:1194): A new session is created. Protocol: UDP
2020-01-02 17:11:17.711 OpenVPN Session 2750664 (13.127.184.79:21303 -> [MY-IP-ADDRESS]:1194) Channel 0: A new channel is created.
2020-01-02 17:11:17.721 OpenVPN Session 2750665 (34.93.105.42:30503 -> [MY-IP-ADDRESS]:1194): A new session is created. Protocol: UDP
2020-01-02 17:11:17.721 OpenVPN Session 2750665 (34.93.105.42:30503 -> [MY-IP-ADDRESS]:1194) Channel 0: A new channel is created.
2020-01-02 17:11:17.761 OpenVPN Session 2750666 (34.93.105.42:26909 -> [MY-IP-ADDRESS]:1194): A new session is created. Protocol: UDP
2020-01-02 17:11:17.761 OpenVPN Session 2750666 (34.93.105.42:26909 -> [MY-IP-ADDRESS]:1194) Channel 0: A new channel is created.
2020-01-02 17:11:17.761 OpenVPN Session 2750361 (34.93.105.42:43495 -> [MY-IP-ADDRESS]:1194): Deleting the session.
2020-01-02 17:11:17.771 OpenVPN Session 2750667 (34.93.105.42:56318 -> [MY-IP-ADDRESS]:1194): A new session is created. Protocol: UDP
2020-01-02 17:11:17.771 OpenVPN Session 2750667 (34.93.105.42:56318 -> [MY-IP-ADDRESS]:1194) Channel 0: A new channel is created.
2020-01-02 17:11:17.862 OpenVPN Session 2750362 (34.93.105.42:45639 -> [MY-IP-ADDRESS]:1194): Deleting the session.
2020-01-02 17:11:17.902 OpenVPN Session 2750363 (13.127.184.79:28572 -> [MY-IP-ADDRESS]:1194): Deleting the session.
2020-01-02 17:11:17.992 OpenVPN Session 2750668 (34.93.105.42:11556 -> [MY-IP-ADDRESS]:1194): A new session is created. Protocol: UDP
2020-01-02 17:11:17.992 OpenVPN Session 2750668 (34.93.105.42:11556 -> [MY-IP-ADDRESS]:1194) Channel 0: A new channel is created.
2020-01-02 17:11:18.073 OpenVPN Session 2750364 (34.93.105.42:19250 -> [MY-IP-ADDRESS]:1194): Deleting the session.
2020-01-02 17:11:18.123 OpenVPN Session 2750669 (13.127.184.79:60379 -> [MY-IP-ADDRESS]:1194): A new session is created. Protocol: UDP
2020-01-02 17:11:18.123 OpenVPN Session 2750669 (13.127.184.79:60379 -> [MY-IP-ADDRESS]:1194) Channel 0: A new channel is created.
2020-01-02 17:11:18.204 OpenVPN Session 2750365 (34.93.105.42:62620 -> [MY-IP-ADDRESS]:1194): Deleting the session.
2020-01-02 17:11:18.265 OpenVPN Session 2750670 (34.93.105.42:45899 -> [MY-IP-ADDRESS]:1194): A new session is created. Protocol: UDP
2020-01-02 17:11:18.265 OpenVPN Session 2750670 (34.93.105.42:45899 -> [MY-IP-ADDRESS]:1194) Channel 0: A new channel is created.
2020-01-02 17:11:18.335 OpenVPN Session 2750671 (34.93.105.42:25829 -> [MY-IP-ADDRESS]:1194): A new session is created. Protocol: UDP
2020-01-02 17:11:18.335 OpenVPN Session 2750671 (34.93.105.42:25829 -> [MY-IP-ADDRESS]:1194) Channel 0: A new channel is created.
2020-01-02 17:11:18.335 OpenVPN Session 2750672 (34.93.105.42:56565 -> [MY-IP-ADDRESS]:1194): A new session is created. Protocol: UDP
2020-01-02 17:11:18.335 OpenVPN Session 2750672 (34.93.105.42:56565 -> [MY-IP-ADDRESS]:1194) Channel 0: A new channel is created.
2020-01-02 17:11:18.355 OpenVPN Session 2750366 (34.93.105.42:45617 -> [MY-IP-ADDRESS]:1194): Deleting the session.
2020-01-02 17:11:18.436 OpenVPN Session 2750367 (13.127.184.79:63779 -> [MY-IP-ADDRESS]:1194): Deleting the session.
2020-01-02 17:11:18.486 OpenVPN Session 2750368 (34.93.105.42:17234 -> [MY-IP-ADDRESS]:1194): Deleting the session.
2020-01-02 17:11:18.536 OpenVPN Session 2750673 (34.93.105.42:46585 -> [MY-IP-ADDRESS]:1194): A new session is created. Protocol: UDP
2020-01-02 17:11:18.536 OpenVPN Session 2750673 (34.93.105.42:46585 -> [MY-IP-ADDRESS]:1194) Channel 0: A new channel is created.
2020-01-02 17:11:18.546 OpenVPN Session 2750674 (13.127.184.79:62450 -> [MY-IP-ADDRESS]:1194): A new session is created. Protocol: UDP
2020-01-02 17:11:18.546 OpenVPN Session 2750674 (13.127.184.79:62450 -> [MY-IP-ADDRESS]:1194) Channel 0: A new channel is created.
Can anyone tell me what this is?
Are these brute forces or why do they try to reach this server?
The problem was not there before, my logs were ever small in size.

I now changed the open VPN port in hope it is now quiet.

Thank you

Re: Exessive connection attempts from Amazon AWS servers

Posted: Sun Aug 23, 2020 3:50 pm
by oriettaxx
We have exactly the same problem

anyone?

maybe setting up fail2ban? or something similar?

Re: Exessive connection attempts from Amazon AWS servers

Posted: Mon Aug 24, 2020 10:46 am
by sky59
34.93.105.42 is google

13.127.184.79 is really amazon, but the same area

I think google is searching and trying makig "copy" of internet for their search engine??

May be this also explains mine server occasionally reset. I have locked SD card and server is running exclusively in RAM only.
So if they are too brutal then server resets :) Fuck them off!