LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   XL2TPD protection from DoS (http://www.linuxquestions.org/questions/linux-security-4/xl2tpd-protection-from-dos-4175461445/)

linx444 05-10-2013 10:29 AM

Hi All

I am trying to find a way of protecting XL2TPD/IPSEC ports from brute force attacks? I looked at fail2ban but seems like it doesnt cover VPNs. Any ideas how I can secure these ports and against authentication failures?

Any one with any ideas? Or am I missing something obvious?

unSpawn 05-13-2013 12:41 PM

Quote:

Originally Posted by linx444 (Post 4948614)
I am trying to find a way of protecting XL2TPD/IPSEC ports from brute force attacks?

Depends on where connections are allowed from. If you can white list IP addresses or ranges that could be a starting point. Elif start by rate limiting new connections. The network layer after all is the foundation for everything else.


Quote:

Originally Posted by linx444 (Post 4948614)
I looked at fail2ban but seems like it doesnt cover VPNs.

Post some obfuscated messages you would like to block, tell us what you file they're from and we'll try to whip up a recipe to try.

linx444 05-16-2013 09:49 AM

Many thanks for your reply, really appreciate it! Unfortunetly white listing IP isnt an option.After some investigating, I have created a lt2p filter for fail2ban to use and is working well. Also another way round I thought of in the PPP setup you can inject a logger command into the logs then create another filter if you wanted.

unSpawn 05-16-2013 04:18 PM

Quote:

Originally Posted by linx444 (Post 4952492)
After some investigating, I have created a lt2p filter for fail2ban to use and is working well.

Mind sharing the regex(es) you used? Might help with others.
*Also please mark the thread "solved".


All times are GMT -5. The time now is 09:29 PM.