Unknown incoming telnet attempts after setting up VPN

I recently set up a VPN for my unRaid server and noticed in my logs today (first time VPN being left connected overnight) I had multiple telnet attempts from a few IP addresses that are from Taiwan and Vietnam to name a couple.  What are they, are they malicious attempts or simply probes from the VPN?  The IPs are not on my subnet assigned by the VPN and there is no log of invalid password attempt, so it does look like a port probe.  Why would I be getting port probes from IPs from these countries over my VPN?  Using HMA VPN Pro.

 

 

Aug 19 23:59:55 Tower in.telnetd[10651]: connect from 175.182.76.144 (175.182.76.144) (Routine)
Aug 19 23:59:55 Tower telnetd[10651]: ttloop: peer died: EOF  (Logins)
Aug 20 00:15:25 Tower in.telnetd[23155]: connect from 220.134.216.166 (220.134.216.166) (Routine)
Aug 20 00:15:25 Tower telnetd[23155]: ttloop: peer died: EOF  (Logins)
Aug 20 00:24:21 Tower in.telnetd[30276]: connect from 175.182.76.144 (175.182.76.144) (Routine)
Aug 20 00:24:24 Tower telnetd[30276]: ttloop: peer died: EOF  (Logins)
Aug 20 00:39:16 Tower in.telnetd[10044]: connect from 123.19.208.193 (123.19.208.193) (Routine)
Aug 20 00:39:16 Tower telnetd[10044]: ttloop: peer died: EOF  (Logins)
Aug 20 07:52:05 Tower in.telnetd[9306]: connect from 88.250.84.91 (88.250.84.91) (Routine)
Aug 20 07:52:05 Tower telnetd[9306]: ttloop: peer died: EOF  (Logins)
Aug 20 07:58:19 Tower in.telnetd[14340]: connect from 88.250.84.91 (88.250.84.91) (Routine)
Aug 20 07:58:21 Tower telnetd[14340]: ttloop: peer died: EOF  (Logins)
Aug 20 10:19:01 Tower in.telnetd[29194]: connect from 183.178.134.25 (183.178.134.25) (Routine)
Aug 20 10:19:02 Tower telnetd[29194]: ttloop: peer died: EOF  (Logins)
Aug 20 10:25:17 Tower in.telnetd[1738]: connect from 183.178.134.25 (183.178.134.25) (Routine)
Aug 20 10:25:19 Tower telnetd[1738]: ttloop: peer died: EOF  (Logins)
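
An added example (not part of the original post): a small Python triage of in.telnetd syslog lines like the ones above. It pairs each connect with its "peer died: EOF" line by PID and lists sources outside the VPN-assigned subnet. The sample lines are constructed with documentation addresses, and the 10.8.0.0/24 VPN subnet is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample in the syslog format shown above (documentation addresses,
# plus one client inside an assumed VPN subnet, 10.8.0.0/24).
SAMPLE_LOG = """\
Aug 19 23:59:55 Tower in.telnetd[10651]: connect from 203.0.113.7 (203.0.113.7)
Aug 19 23:59:55 Tower telnetd[10651]: ttloop: peer died: EOF
Aug 20 00:24:21 Tower in.telnetd[30276]: connect from 203.0.113.7 (203.0.113.7)
Aug 20 00:24:24 Tower telnetd[30276]: ttloop: peer died: EOF
Aug 20 07:52:05 Tower in.telnetd[9306]: connect from 198.51.100.20 (198.51.100.20)
Aug 20 07:52:05 Tower telnetd[9306]: ttloop: peer died: EOF
Aug 20 09:00:00 Tower in.telnetd[9400]: connect from 10.8.0.6 (10.8.0.6)
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ (?:in\.)?telnetd\[(\d+)\]: (.*)$")
CONNECT = re.compile(r"connect from \S+ \((\S+)\)")

def triage(log_text, trusted_nets, max_gap=timedelta(seconds=5)):
    """Per source IP: connects, quick-EOF probes, and whether it is trusted.
    A connect and its EOF share a PID; an EOF within max_gap counts as a probe."""
    nets = [ip_network(n) for n in trusted_nets]
    pending = {}  # pid -> (source ip, connect time)
    report = defaultdict(lambda: {"connects": 0, "probes": 0, "trusted": False})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, pid, msg = m.groups()
        # Syslog omits the year; a fixed one is enough to compare nearby lines.
        when = datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")
        c = CONNECT.search(msg)
        if c:
            ip = c.group(1)
            pending[pid] = (ip, when)
            report[ip]["connects"] += 1
            report[ip]["trusted"] = any(ip_address(ip) in n for n in nets)
        elif "peer died: EOF" in msg and pid in pending:
            ip, started = pending.pop(pid)
            if when - started <= max_gap:
                report[ip]["probes"] += 1
    return dict(report)

def untrusted_sources(report):
    return sorted(ip for ip, r in report.items() if not r["trusted"])
```

Any address returned by `untrusted_sources` reached the telnet port from outside the subnet you expect, which is the condition the replies below tell you to block.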

I would set up a rule to block them anyway, maybe even whitelist only certain external IPs.

I'm puzzled why there would be these probes over a VPN.

 

A VPN is from one point to another. There should only be visibility from either side of the VPN.

If these addresses are outside of the VPN, then something is wrong.

I.E. Firewall somewhere open.

Could it be on your side? Or the remote side?

 

I have my SSH port exposed to the internet, but I also DENY everything and only ALLOW what I expect to connect.

 

I would recommend the same be done with /etc/hosts.allow and /etc/hosts.deny for any service that you do not want open to the world.

 

You can also do a

/etc/hosts.deny

ALL: ALL

then set up

/etc/hosts.allow

sshd: ip ip ip
in.telnetd: ip ip ip
vsftpd: ip ip ip

Where the ip are the addresses you want to allow through.

 

  • Author

I contacted the VPN provider (hidemyass.com) and they do not have a NAT service on their VPN, their response:

 

Thank you for contacting the HMA! Customer support team.

At the moment we don't offer NAT service with our VPN, however your internet traffic is secured and protected over our VPN servers.

If you wish to add an additional layer of protection on your machine, please take a look at the following page for additional information on how to configure firewall:

http://www.ossramblings.com/using_iptables_rate_limiting_to_prevent_portscans

 

So basically it is secure client to server, but for the most part wide open on their end, which is no different than plugging my server directly into my DSL modem as far as security goes (DMZ).  With no iptables or any other method of firewalling on unRAID available, using the openvpn plugin on unRAID is a bad idea for me.  I have the ASUS Dark Knight router with Tomato so I will be moving openvpn to it and setting up iptables on it to firewall/NAT and restrict it to my unRAID box.

Archived

This topic is now archived and is closed to further replies.
