A client which is non-SoftEther VPN software has connected to the port.??

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
dayvan
Posts: 2
Joined: Mon Mar 23, 2020 8:06 am

A client which is non-SoftEther VPN software has connected to the port.??

Post by dayvan » Mon Mar 23, 2020 8:27 am

Hi,
I configured the server a couple of days ago on port 443 all works great.
But today when I looked at the logs for the past few days, there are the following entries a couple of times a day:

Code: Select all

2020-03-23 05:27:35.758 On the TCP Listener (Port 443), a Client (IP address X.X.X.X, Host name "scan-XX.security.ipip.net", Port number 48576) has connected.
2020-03-23 05:27:35.758 For the client (IP address: X.X.X.X, host name: "scan-XX.security.ipip.net", port number: 48576), connection "CID-104-DDAA7164A7" has been created.
2020-03-23 05:27:36.039 SSL communication for connection "CID-104-DDAA7164A7" has been started. The encryption algorithm name is "AES128-SHA".
2020-03-23 05:27:36.648 Connection "CID-104-DDAA7164A7" terminated by the cause "A client which is non-SoftEther VPN software has connected to the port." (code 5).
2020-03-23 05:27:36.648 Connection "CID-104-DDAA7164A7" has been terminated.
I've blanked out IP addresses as and some part of the hostname.

Are these just doing scans on random IP addresses to see what services are running on port 443? If I change the default port 443 to something else for clients to connect to, will these go away? :-)
Other source domains that I get entries for this are mailfind.host, rwth-aachen.de, stretchoid.com etc.

I am using Softether DDNS service, does that mean that my IP address with the DDNS hostname become public?

Thanks in Advance.

P.S.
I tried searching for this but I can't seem to get the search function to work, even if I enter just non-SoftEther then I get:
The following words in your search query were ignored because they are too common words: non softether.
You must specify at least one word to search for. Each word must consist of at least 3 characters and must not contain more than 14 characters excluding wildcards.

SilverbackNet
Posts: 7
Joined: Thu Jan 30, 2020 12:24 pm

Re: A client which is non-SoftEther VPN software has connected to the port.??

Post by SilverbackNet » Mon Mar 23, 2020 10:30 am

If you have ports open to the internet, especially any known port, then you just have to adjust to the idea that you'll be port-scanned. You can use an alternate port, or use port-knocking, but even then, zombies will keep trying everything you have. Just harden and ignore the script kiddies. This is the life of a sysadmin.

dayvan
Posts: 2
Joined: Mon Mar 23, 2020 8:06 am

Re: A client which is non-SoftEther VPN software has connected to the port.??

Post by dayvan » Mon Mar 23, 2020 11:08 am

@SilverbackNet
Thanks for the reply. I was worried that someone was trying to scan me and do an attack :-)
I'll change the port to a non standard one.

I was thinking of having a scheduled script run and check the log files for entries with:
User authentication failed.

to try and detect if someone is trying to brute force their way in. I shouldn't have entries for this for actuall users (there's just going to be one) since they will have the password saved.

Post Reply