Yan Seiner escreveu:
I've started experiencing a 'dictionary attack' - someone is determined
to get in. This is more of a nuisance than anything, but I would like
to figure out a way to block UDP attacks, similar to the SSH blocks.
They've been hitting me twice a second for days now. I'm getting annoyed.
UDP is stateless though - any way to figure out how to block these
attacks at the firewall?
If those attacks come from only some IPs, of course you can block
them on your firewall.
is your VPN for remote users (ie notebooks/desktops using OpenVPN on
their Windows) or to interconnect your offices (ie firewall linux boxes
establishing VPN between them) ?? If it's for remote users, then you
have to leave the UDP port 'open' on the firewall. If you're using
OpenVPN to interconnect offices, of course you can (and should already
be doing) filter by your remote office IPs and then leaving the UDP port
'closed' to the internet.
If your VPN is for remote users, i'll suppose you're running OpenVPN
in TLS mode, creating digital certificates for each users, etc etc.
Maybe you have some authentication schema as well, but i'll suppose you
DO have digital certificates for EACH user. In that case, you should
notice that a bruteforce attack for establishing the VPN is MUCH harder
than a simple attack on username/password like SSH ones. Even if you
have some authentication schema for establishing the VPN, you should
remember that authentication occurs AFTER the data channel has beng
secured. Nobody would be able to bruteforce username/password before
establishing the TLS channel. And that would be simple. In fact,
bruteforcing that is supposed to be VERY VERY difficult.
and still about TLS mode and certificates, even you have one valid
certificate stealed (notebook stealed or something), thus allowing
somebody to establish the secure TLS channel and then bruteforcing your
authentication schema .... you should notice that a certificate can be
Atenciosamente / Sincerily,
Minha armadilha de SPAM, NÃO mandem email
My SPAMTRAP, do not email it
Description: S/MIME Cryptographic Signature