LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 05-10-2013, 10:29 AM   #1
linx444
LQ Newbie
 
Registered: Mar 2006
Posts: 21

Rep: Reputation: 1
Question


Hi All

I am trying to find a way of protecting XL2TPD/IPSEC ports from brute force attacks? I looked at fail2ban but seems like it doesnt cover VPNs. Any ideas how I can secure these ports and against authentication failures?

Any one with any ideas? Or am I missing something obvious?

Last edited by unSpawn; 05-13-2013 at 12:36 PM. Reason: //Retain 0-reply state
 
Old 05-13-2013, 12:41 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,452
Blog Entries: 54

Rep: Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895
Quote:
Originally Posted by linx444 View Post
I am trying to find a way of protecting XL2TPD/IPSEC ports from brute force attacks?
Depends on where connections are allowed from. If you can white list IP addresses or ranges that could be a starting point. Elif start by rate limiting new connections. The network layer after all is the foundation for everything else.


Quote:
Originally Posted by linx444 View Post
I looked at fail2ban but seems like it doesnt cover VPNs.
Post some obfuscated messages you would like to block, tell us what you file they're from and we'll try to whip up a recipe to try.
 
Old 05-16-2013, 09:49 AM   #3
linx444
LQ Newbie
 
Registered: Mar 2006
Posts: 21

Original Poster
Rep: Reputation: 1
Many thanks for your reply, really appreciate it! Unfortunetly white listing IP isnt an option.After some investigating, I have created a lt2p filter for fail2ban to use and is working well. Also another way round I thought of in the PPP setup you can inject a logger command into the logs then create another filter if you wanted.
 
Old 05-16-2013, 04:18 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,452
Blog Entries: 54

Rep: Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895
Quote:
Originally Posted by linx444 View Post
After some investigating, I have created a lt2p filter for fail2ban to use and is working well.
Mind sharing the regex(es) you used? Might help with others.
*Also please mark the thread "solved".
 
  


Reply

Tags
dos, ipsec, security, xl2tpd


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Openswan+xl2tpd VPN xl2tpd failure nightradio Linux - Networking 1 01-23-2013 06:19 PM
xl2tpd gives errors and can't connect daotiansi Linux - Software 2 07-30-2011 01:02 AM
xl2tpd gives errors and disconnects garm0 Linux - Newbie 0 02-24-2009 07:31 PM
DOS protection (fudp) ddaas Linux - Security 4 02-22-2008 06:40 AM
DoS Attacks Protection chenkoforever Linux - Security 2 07-04-2004 04:11 PM


All times are GMT -5. The time now is 12:03 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration