I have two openvpn routers - one in the US and one in NZ (ie completely different networks). Both are currently being scanned on tcp port 1194 from about 12 different IP addresses - all in Amazon (ie EC2 instances)
They are causing no harm, but I'm seeing around 1 new connection every 2 seconds, and the scary thing is the NZ router is seeing the same source IP within seconds of the US one - which makes me feel like we're being targeted, but the lame, repetitive nature of the port scanner (it's basically a 3-way and hangup - no data as such) makes this the stoopidist scanner there is :-). We use tls-auth as well as certs so these aren't going to find anything. It's also only tcp/1194 - not even the default udp/1194, nor any of the other ports we run openvpn on Anyone else seeing these? 107.23.255.7 176.34.159.231 177.71.207.167 54.183.255.135 54.228.16.7 54.232.40.71 54.241.32.103 54.243.31.231 54.244.52.199 54.245.168.39 54.248.220.39 54.250.253.231 54.251.31.135 54.252.254.199 54.252.79.167 54.255.254.231 -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
