Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Detect & block "free VPN" users

    Scheduled Pinned Locked Moved Firewalling
    4 Posts 3 Posters 782 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      ThaDoctor72
      last edited by

      Make fun if you will, but I run an old school BBS over telnet, which is hosted on a VM box running DOS 6.22. 
      I get about 800 hits per day (presumably from the same source) trying to gain access to the box attempting to login as root with various password attempts, then run a few shell lines (mostly calls to busybox and deleting the etc folder), so the user's intent is malicious.

      Problem is, they are using various (or a bouncing) VPN service like HideMyAss or something similar, so the IP changes on every use.  Blacklisting or blocking is rather useless.

      So, the question is:
      Is there any package (or feature) that allows me to detect the use of a VPN (like a free VPN IP range list file) or something similar? 
      It doesn't necessarily even need to be run from pfSense, but it would be nice if it did so the logs could be integrated.

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        Make fun if you will

        Hey, some of us greybeards loved the BBS days of the 80's.

        What you're asking for isn't really practical.  As you yourself said,

        Blacklisting or blocking is rather useless.

        and I completely agree.  The bots are relentless and random.  Have a strong password, have good backups and just ignore the noise.

        1 Reply Last reply Reply Quote 0
        • T
          ThaDoctor72
          last edited by

          Good luck to them, he may want to modify his script a little bit, considering DOS don't give a damn who "root" is.

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            You could for sure use something like pfblockerng to create lists of huge swaths of netblocks to block..  Block out all the other countries, etc.

            So you get 800 hits a day from this root user, how much actual real traffic do you get?

            I remember my bbs days!!!  Miss them actually, so freaking cool could get an email from other side of the planet using fido in less than a day ;)  One of my fav games was barren realms elite.. And tradewars - Can I check out this bbs??  Could you PM me info on how I request an account..

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.