Page 1 of 1

Connection Flood

Posted: Mon Jun 15, 2020 1:28 pm
by Cptluxx
Hi,

since a few weeks i got a lot of connections from random Ips in my log so much that my connection got instable
2020-06-15 13:34:56.570 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:56.570 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:56.596 OpenVPN Session 34 (145.239.133.139:13297 -> 192.168.70.200:1194): A new session is created. Protocol: UDP
2020-06-15 13:34:56.596 OpenVPN Session 34 (145.239.133.139:13297 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:56.719 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:56.719 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:56.745 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:56.746 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:56.767 OpenVPN Session 35 (145.239.133.139:53193 -> 192.168.70.200:1194): A new session is created. Protocol: UDP
2020-06-15 13:34:56.767 OpenVPN Session 35 (145.239.133.139:53193 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:56.784 OpenVPN Session 36 (145.239.133.139:25355 -> 192.168.70.200:1194): A new session is created. Protocol: UDP
2020-06-15 13:34:56.784 OpenVPN Session 36 (145.239.133.139:25355 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:56.841 OpenVPN Session 37 (145.239.133.139:23271 -> 192.168.70.200:1194): A new session is created. Protocol: UDP
2020-06-15 13:34:56.841 OpenVPN Session 37 (145.239.133.139:23271 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:56.881 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:56.889 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:56.967 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:56.968 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:56.984 OpenVPN Session 38 (145.239.133.139:22878 -> 192.168.70.200:1194): A new session is created. Protocol: UDP
2020-06-15 13:34:56.984 OpenVPN Session 38 (145.239.133.139:22878 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.119 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.120 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.157 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.157 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.243 OpenVPN Session 39 (145.239.133.139:17886 -> 192.168.70.200:1194): A new session is created. Protocol: UDP
2020-06-15 13:34:57.243 OpenVPN Session 39 (145.239.133.139:17886 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.251 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.306 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.377 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.377 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.391 OpenVPN Session 40 (145.239.133.139:60251 -> 192.168.70.200:1194): A new session is created. Protocol: UDP
2020-06-15 13:34:57.391 OpenVPN Session 40 (145.239.133.139:60251 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.522 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.522 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.558 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.558 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.644 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.653 OpenVPN Session 41 (145.239.133.139:36816 -> 192.168.70.200:1194): A new session is created. Protocol: UDP
2020-06-15 13:34:57.653 OpenVPN Session 41 (145.239.133.139:36816 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.707 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.787 OpenVPN Session 42 (145.239.133.139:60844 -> 192.168.70.200:1194): A new session is created. Protocol: UDP
2020-06-15 13:34:57.787 OpenVPN Session 42 (145.239.133.139:60844 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.787 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.787 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.803 OpenVPN Session 43 (145.239.133.139:34885 -> 192.168.70.200:1194): A new session is created. Protocol: UDP
2020-06-15 13:34:57.804 OpenVPN Session 43 (145.239.133.139:34885 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.805 OpenVPN Session 44 (145.239.133.139:23940 -> 192.168.70.200:1194): A new session is created. Protocol: UDP
2020-06-15 13:34:57.805 OpenVPN Session 44 (145.239.133.139:23940 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.938 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.938 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.974 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:57.975 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.035 OpenVPN Session 45 (145.239.133.139:14306 -> 192.168.70.200:1194): A new session is created. Protocol: UDP
2020-06-15 13:34:58.035 OpenVPN Session 45 (145.239.133.139:14306 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.055 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.119 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.191 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.191 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.198 OpenVPN Session 46 (145.239.133.139:8098 -> 192.168.70.200:1194): A new session is created. Protocol: UDP
2020-06-15 13:34:58.198 OpenVPN Session 46 (145.239.133.139:8098 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.351 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.353 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.381 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.381 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.436 OpenVPN Session 47 (145.239.133.139:19195 -> 192.168.70.200:1194): A new session is created. Protocol: UDP
2020-06-15 13:34:58.436 OpenVPN Session 47 (145.239.133.139:19195 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.462 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.513 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.595 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.595 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.602 OpenVPN Session 48 (145.239.133.139:8986 -> 192.168.70.200:1194): A new session is created. Protocol: UDP
2020-06-15 13:34:58.602 OpenVPN Session 48 (145.239.133.139:8986 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.754 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.762 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.791 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.791 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.829 OpenVPN Session 49 (145.239.133.139:9199 -> 192.168.70.200:1194): A new session is created. Protocol: UDP
2020-06-15 13:34:58.829 OpenVPN Session 49 (145.239.133.139:9199 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.858 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.931 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.943 OpenVPN Session 50 (145.239.133.139:35004 -> 192.168.70.200:1194): A new session is created. Protocol: UDP
2020-06-15 13:34:58.943 OpenVPN Session 50 (145.239.133.139:35004 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.959 OpenVPN Session 51 (145.239.133.139:1694 -> 192.168.70.200:1194): A new session is created. Protocol: UDP
2020-06-15 13:34:58.959 OpenVPN Session 51 (145.239.133.139:1694 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.996 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:58.996 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:59.010 OpenVPN Session 52 (145.239.133.139:11992 -> 192.168.70.200:1194): A new session is created. Protocol: UDP
2020-06-15 13:34:59.010 OpenVPN Session 52 (145.239.133.139:11992 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:59.156 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:59.175 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:59.201 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:59.205 OpenVPN Session 53 (145.239.133.139:3906 -> 192.168.70.200:1194): A new session is created. Protocol: UDP
2020-06-15 13:34:59.205 OpenVPN Session 53 (145.239.133.139:3906 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:59.206 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:59.269 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:59.342 OpenVPN Session 2 (194.67.78.76:26565 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:59.412 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:59.412 OpenVPN Session 3 (194.67.78.76:27575 -> 192.168.70.200:1194) Channel 0: A new channel is created.
2020-06-15 13:34:59.451 OpenVPN Session 54 (145.239.133.139:13309 -> 192.168.70.200:1194): A new session is created. Protocol: UDP

any way to reduce this? I already added a few of the Ips to the firewall

Re: Connection Flood

Posted: Mon Jun 15, 2020 5:29 pm
by megatronz
I think ur server is begin used as part of Spoofed Amplification DDoS Attack, there is attack method based on OpenVPN amplification, the attacker uses a list of OpenVPN servers (your server most likely in that list) and then uses the victim IP to send request (using IP Spoofing) to the OpenVPN list so then the openvpn servers reply the victim with bigger message, these IPs in your logs are victims, they didn't try to make any connection to your server. you can prevent this by changing the port number to something else, as the attackers always scan servers looking for open port 1194 for UDP OpenVPN amplification.

edit: another way to reduce this is by iptables hashlimit module.

Re: Connection Flood

Posted: Tue Jun 16, 2020 1:53 pm
by Cptluxx
Ah Thanks,

i found https://github.com/SoftEtherVPN/SoftEth ... ssues/1001 so will install the latest version from github..

Re: Connection Flood

Posted: Tue Jun 16, 2020 8:48 pm
by megatronz
Cptluxx wrote:
Tue Jun 16, 2020 1:53 pm
Ah Thanks,

i found https://github.com/SoftEtherVPN/SoftEth ... ssues/1001 so will install the latest version from github..
Keep in mind that updating to latest version wont prevent the attacker from using your server as part of his AMP attack, its better to add a firewall rule to ratelimit connections to specific ip to prevent flood.