DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Multiple Mail Alerts for VPN

  • macximum
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
18 Apr 2020 13:25 #95989 by macximum
Multiple Mail Alerts for VPN was created by macximum
On a few occasions now I've awoken to my mailbox having been flooded with Mail Alerts from my router.

2020/04/18 07:59:57 -- DropVPN() VPN : Profile not found !!



There's about 15 entries per email, all saying the same thing, sometimes hundreds of emails... all sent within the space of an hour or so.

The router is a Draytek 2862ac running the latest firmware (as of this post). I'm assuming my IP or DynDNS identity is getting flooded with requests, trying to hack my router/network? I don't use the router for VPN dial in, or dial out. Only 2 clients on my network access a business VPN using software installed on the individual computer and they aren't being used that frequently at the moment, and certainly not at the times of these Mail Alerts being sent!

I have lots of other Draytek routers reporting to me at the same email address and have had nothing similar from any of those, ever.

Any one shed any more light on this for me?

Please Log in or Create an account to join the conversation.

More
18 Apr 2020 16:38 #95990 by hornbyp
Replied by hornbyp on topic Re: Multiple Mail Alerts for VPN

macximum wrote:

2020/04/18 07:59:57 -- DropVPN() VPN : Profile not found !!


I'm assuming my IP or DynDNS identity is getting flooded with requests, trying to hack my router/network? I don't use the router for VPN dial in, or dial out.



I would say it's just normal hacking :roll: If you don't have any VPN profiles configured then it's unlikely any of these attempts will succeed though :)

Have a look at https://Shodan.io and see if you can find yourself in the database :wink:

I think the accepted way to fend off these attacks, is to add the offending IP address to "Diagnostics >> DoS Flood Table" in the IP Blacklist section (you can't do it in the Firewall).

Please Log in or Create an account to join the conversation.

  • macximum
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
18 Apr 2020 16:57 #95991 by macximum
Replied by macximum on topic Re: Multiple Mail Alerts for VPN

hornbyp wrote:
I would say it's just normal hacking :roll: If you don't have any VPN profiles configured then it's unlikely any of these attempts will succeed though :)

Have a look at https://Shodan.io and see if you can find yourself in the database :wink:

I think the accepted way to fend off these attacks, is to add the offending IP address to "Diagnostics >> DoS Flood Table" in the IP Blacklist section (you can't do it in the Firewall).



Thanks hornbyp - My DynDNS is not located on Shodan but my IP is. I doubt VirginMedia are likely to give me a new dynamic IP so I've turned off all the checkboxes in VPN > Remote Access Control Setup anyway, so that should hopefully put a stop to it too?

I didn't have the IP address of the offender, just turned on the WebSyslog so in future I can capture this.

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami