Re: [Openvpn-users] blocking hack attempts


  • Subject: Re: [Openvpn-users] blocking hack attempts
  • From: Leonardo Rodrigues Magalhães <leolistas@xxxxxxxxxxxxxx>
  • Date: Tue, 01 Jan 2008 20:50:33 -0200



Yan Seiner wrote:
I've started experiencing a 'dictionary attack' - someone is determined to get in. This is more of a nuisance than anything, but I would like to figure out a way to block UDP attacks, similar to the SSH blocks.

They've been hitting me twice a second for days now.  I'm getting annoyed.

UDP is stateless though - any way to figure out how to block these attacks at the firewall?

If those attacks come from only some IPs, of course you can block them on your firewall.

Is your VPN for remote users (i.e. notebooks/desktops running OpenVPN on Windows) or for interconnecting your offices (i.e. Linux firewall boxes establishing a VPN between them)? If it's for remote users, then you have to leave the UDP port 'open' on the firewall. If you're using OpenVPN to interconnect offices, of course you can (and should already be doing this) filter by your remote office IPs and then leave the UDP port 'closed' to the internet.

If your VPN is for remote users, I'll suppose you're running OpenVPN in TLS mode, creating digital certificates for each user, etc. Maybe you have some authentication scheme as well, but I'll suppose you DO have digital certificates for EACH user. In that case, you should notice that a brute-force attack for establishing the VPN is MUCH harder than a simple attack on a username/password like the SSH ones. Even if you have some authentication scheme for establishing the VPN, you should remember that authentication occurs AFTER the data channel has been secured. Nobody would be able to brute-force the username/password before establishing the TLS channel. And that would be simple. In fact, brute-forcing that is supposed to be VERY VERY difficult.

And still about TLS mode and certificates: even if you have one valid certificate stolen (stolen notebook or something), thus allowing somebody to establish the secure TLS channel and then brute-force your authentication scheme ... you should notice that a certificate can be easily revoked.



--


	Sincerely,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	My SPAMTRAP, do not email it
	gertrudes@xxxxxxxxxxxxxx




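Leonardo's point is that in TLS mode the attacker's packets die at the TLS handshake, so the problem is noise rather than risk; the remaining question from the original post is how to turn that noise into firewall blocks when the port has to stay open for roaming users. The following is an added example, not code from either poster or from the OpenVPN project. It does the fail2ban-style job in Python: parse OpenVPN server log lines for "TLS Error" events, attribute them to the peer's source address, and flag any address that accumulates more failures within a sliding window than a legitimate client with a flaky link would. The log lines are constructed for the example (they follow the OpenVPN 2.x server log layout, including the prefix-less "cannot locate HMAC" form that --tls-auth produces for packets with no valid HMAC), the UDP port 1194 and the 5-failures-per-60-seconds threshold are assumptions, and the script only prints the iptables rules rather than applying them. For a site-to-site setup the right fix is the one in the reply: allow only the remote office IPs and drop everything else.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed OpenVPN 2.x server log excerpt (not from the original post).
# 203.0.113.5 hammers the port; 198.51.100.7 is a legitimate client whose
# first handshake fails once and then succeeds.
SAMPLE_LOG = """\
Tue Jan  1 20:50:30 2008 203.0.113.5:51234 TLS Error: TLS handshake failed
Tue Jan  1 20:50:30 2008 203.0.113.5:51235 TLS Error: TLS handshake failed
Tue Jan  1 20:50:31 2008 198.51.100.7:40001 TLS Error: TLS handshake failed
Tue Jan  1 20:50:31 2008 203.0.113.5:51236 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jan  1 20:50:31 2008 203.0.113.5:51237 TLS Error: TLS handshake failed
Tue Jan  1 20:50:32 2008 198.51.100.7:40001 [client1] Peer Connection Initiated with 198.51.100.7:40001
Tue Jan  1 20:50:32 2008 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]203.0.113.5:51238
Tue Jan  1 20:50:32 2008 203.0.113.5:51239 TLS Error: TLS handshake failed
"""

TIMESTAMP_FMT = "%a %b %d %H:%M:%S %Y"   # OpenVPN's default log timestamp
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"

# Two shapes of failure line: a session-prefixed "ip:port TLS Error: ..." and
# the prefix-less tls-auth rejection "... from [AF_INET]ip:port".
PREFIXED = re.compile(r"^(?P<ts>\w{3} \w{3}\s+\d+ \d\d:\d\d:\d\d \d{4}) "
                      + IPV4 + r":\d+ TLS Error:")
HMAC_FROM = re.compile(r"^(?P<ts>\w{3} \w{3}\s+\d+ \d\d:\d\d:\d\d \d{4}) "
                       r"TLS Error: cannot locate HMAC in incoming packet from "
                       r"(?:\[AF_INET\])?" + IPV4 + r":\d+")


def parse_failures(log_text):
    """Return [(datetime, source_ip)] for every TLS failure in the log text."""
    events = []
    for line in log_text.splitlines():
        m = PREFIXED.match(line) or HMAC_FROM.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), TIMESTAMP_FMT)
            events.append((ts, m.group(2)))
    return events


def find_offenders(log_text, threshold=5, window_seconds=60):
    """Return {ip: total_failures} for each source address that ever reached
    `threshold` TLS failures inside a sliding window of `window_seconds`.
    A single transient failure from a real client never trips this."""
    recent = defaultdict(deque)      # ip -> timestamps inside the window
    totals = defaultdict(int)
    offenders = set()
    for ts, ip in parse_failures(log_text):
        totals[ip] += 1
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()              # drop failures older than the window
        if len(q) >= threshold:
            offenders.add(ip)
    return {ip: totals[ip] for ip in sorted(offenders)}


def iptables_rules(offenders, port=1194):
    """Build (but do not apply) one DROP rule per offending source address.
    The rule is narrow on purpose: only UDP to the OpenVPN port is dropped."""
    return [f"iptables -I INPUT -p udp --dport {port} -s {ip} -j DROP"
            for ip in offenders]


if __name__ == "__main__":
    hits = find_offenders(SAMPLE_LOG)
    for ip, n in hits.items():
        print(f"{ip}: {n} TLS failures")
    for rule in iptables_rules(hits):
        print(rule)
```

Run it against the constructed excerpt and only 203.0.113.5 is flagged (six failures in two seconds); 198.51.100.7 fails once and then connects, so it is left alone. Pair the emitted rules with an expiry (a cron job that flushes them, or a dedicated chain you can clear) so a revoked or mistyped client does not stay blocked forever. Enabling --tls-auth on the server is a cheap complement: packets without the correct HMAC are dropped before any TLS work is done, which both saves CPU and gives you the "cannot locate HMAC" line that the second pattern above keys on.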