Attempts to hack into my machine via VPN??

Post Reply
jbmia
Posts: 67
Joined: Sun Nov 07, 2010 11:59 am

Attempts to hack into my machine via VPN??

Postby jbmia » Thu Jul 21, 2011 9:30 am

Hi guys,

Just double checking here... happened to noticed the following my /var/log/messages:

Code: Select all

Jul 21 11:57:08 XXXX openvpn[1725]: XX.XX.X.XXX:XXXXX TLS Error: Auth Username/Password was not provided by peer Jul 21 11:57:08 XXXX openvpn[1725]: XX.XX.X.XXX:XXXXX TLS Error: TLS handshake failed Jul 21 11:57:08 XXXX openvpn[1725]: XX.XX.X.XXX:XXXXX SIGUSR1[soft,tls-error] received, client-instance restarting Jul 21 11:58:10 XXXX openvpn[1725]: MULTI: multi_create_instance called Jul 21 11:58:10 XXXX openvpn[1725]: XX.XX.X.XXX:XXXXX Re-using SSL/TLS context Jul 21 11:58:10 XXXX openvpn[1725]: XX.XX.X.XXX:XXXXX LZO compression initialized Jul 21 11:58:10 XXXX openvpn[1725]: XX.XX.X.XXX:XXXXX Control Channel MTU parms [xxxxxxxxxxxxxxxxxxx... ] Jul 21 11:58:10 XXXX openvpn[1725]: XX.XX.X.XXX:XXXXX Data Channel MTU parms [ xxxxxxxxxxxxxxxxxxx.... ] Jul 21 11:58:10 XXXX openvpn[1725]: XX.XX.X.XXX:XXXXX Local Options hash (VER=V4): 'xxxxxxxx' Jul 21 11:58:10 XXXX openvpn[1725]: XX.XX.X.XXX:XXXXX Expected Remote Options hash (VER=V4): 'xxxxxxxx' Jul 21 11:58:10 XXXX openvpn[1725]: XX.XX.X.XXX:XXXXX TLS: Initial packet from XX.XXX.X.XXX:XXXXX, sid=xxxxxxx... Jul 21 11:58:10 XXXX openvpn[1725]: XX.XX.X.XXX:XXXXX VERIFY OK: depth=1, /C=US/ST=CA/L=SanJose/O=HomeHDA/OU=VPN/CN=yourhda.com/emailAddress=info@homehda.com Jul 21 11:58:10 XXXX openvpn[1725]: XX.XX.X.XXX:XXXXX VERIFY OK: depth=0, /C=US/ST=CA/L=SanJose/O=HomeHDA/OU=VPN/CN=client-tcheng/emailAddress=info@homehda.com Jul 21 11:58:10 XXXX openvpn[1725]: XX.XX.X.XXX:XXXXX TLS Error: Auth Username/Password was not provided by peer Jul 21 11:58:10 XXXX openvpn[1725]: XX.XX.X.XXX:XXXXX TLS Error: TLS handshake failed Jul 21 11:58:10 XXXX openvpn[1725]: XX.XX.X.XXX:XXXXX SIGUSR1[soft,tls-error] received, client-instance restarting
This stream of logged messages occurs over and over again, for hours and hours... appears to go back into the middle of the night...

Something I should be concerned with? I'm assuming this is the vpn server component that Amahi has embedded... I rarely use it.. .should I disable it or block the port?? Or am I just misinterpreting the logs??

Much appreciation for any guidance... !

(edit: I temporarily blocked port 1194 on my router till this is resolved...)
Top
User avatar
radioz
Posts: 406
Joined: Tue Nov 24, 2009 1:07 pm

Re: Attempts to hack into my machine via VPN??

Postby radioz » Thu Jul 21, 2011 8:15 pm

Do you recognize the IP address in "TLS: Initial packet from XX.XXX.X.XXX:XXXXX, sid=xxxxxxx..."?

Try:
nslookup XX.XXX.X.XXX

That might tell you something.
Top
Post Reply

Return to “VPN”

Who is online

Users browsing this forum: No registered users and 11 guests