Hi, we see an ongoing attack on our SoftEther VPN. In the logs after replacing IP of our server with x.x.x.x the lines looks like: === 2021-07-06 00:00:00.128 OpenVPN Session 1074444968 (141.95.18.54:58360 -> x.x.x.x:1194): A new session is created. Protocol: UDP 2021-07-06 00:00:00.128 OpenVPN Session 1074444968 (141.95.18.54:58360 -> x.x.x.x:1194) Channel 0: A new channel is created. 2021-07-06 00:00:30.132 OpenVPN Session 1074444968 (141.95.18.54:58360 -> x.x.x.x:1194): Deleting the session. === We had about 2 millions a day of such sessions opened each for 30 seconds. Each IP address opens in parallel thousands of such sessions. It was easy to mitigate this attack with fail2ban.
Is there a community repository to share jail.d and filter.d contents like that which we wrote for SoftEther VPN? Did somebody experienced such attacks? -- Regards, Sergey Ivanov.
_______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
