New bogon hitting the openVPN port 1194
-
How can one only approve an ASN for using that port without blocking
-
@JonathanLee that is not a bogon IP.
NetRange: 192.241.128.0 - 192.241.255.255 CIDR: 192.241.128.0/17 NetName: DIGITALOCEAN-192-241-128-0
It's allowed because your rule 1704171613 allowed it. What rule is that? Look in your full ruleset for that number..
I personally block DO, nothing good will ever come from any of their IPs
-
@johnpoz that is my VPN rule.
Do you know the IP block for MetroPCS (T-Mobile)?
Maybe I just set that rule to allow only MetroPCS… I found the ASN but I can't find the IP block; they always connect with 172 in the first octet
172.56.169 ... sometimes 172.56.158 also
It's dynamic as it is a mobile phone and the hotspot. I think that would be the best way to resolve this. I am glad I caught that IP address.
This way I could set it to allow MetroPCS access and say nope to everything else
-
@JonathanLee I have T-Mobile and yeah, when on cell my IPv4 that shows up is currently 172.59.201.x, which shows as
NetRange: 172.32.0.0 - 172.63.255.255 CIDR: 172.32.0.0/11 NetName: TMO9
But they have way more prefixes than that. I show them on AS21928, which has a lot of IPv4 ranges
https://bgpview.io/asn/21928#prefixes-v4
If you just want to allow T-Mobile - I would prob create a pfBlocker alias for that ASN, and use that in your rule for source.
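As an added illustration of the ASN-based source allow list suggested above (example code, not from the thread or from pfSense/pfBlockerNG): the check below parses carrier prefixes into an allow list, tells you which prefix a connecting source falls in, and renders an equivalent pf table plus rules for port 1194. The prefix list is a constructed sample built from the two ranges quoted in the thread; the real AS21928 list is much longer and would come from the pfBlockerNG ASN alias, and the table name is hypothetical.

```python
"""Allow only a carrier ASN's prefixes to reach the OpenVPN port.

Added example, not code from the thread. Prefix data is a constructed
sample: 172.32.0.0/11 (TMO9) is the range quoted above; the real
AS21928 prefix list is far longer and would be fed in from the
pfBlockerNG ASN alias instead of this hard-coded list.
"""
import ipaddress
from typing import Iterable, List, Optional

# Constructed sample of prefixes announced by the ASN we want to allow.
TMOBILE_AS21928_SAMPLE = ["172.32.0.0/11"]


def build_allowlist(prefixes: Iterable[str]) -> List[ipaddress.IPv4Network]:
    """Parse prefix strings into networks, rejecting anything that is not IPv4,
    and collapse adjacent or overlapping ranges so the table stays small."""
    nets = []
    for p in prefixes:
        net = ipaddress.ip_network(p, strict=False)
        if net.version != 4:
            raise ValueError(f"IPv4 prefix expected, got {p}")
        nets.append(net)
    return list(ipaddress.collapse_addresses(nets))


def matching_prefix(src: str, allowlist) -> Optional[ipaddress.IPv4Network]:
    """Return the allow-list prefix containing src, or None if the source
    (e.g. a DigitalOcean host in 192.241.128.0/17) should be dropped."""
    addr = ipaddress.ip_address(src)
    for net in allowlist:
        if addr in net:
            return net
    return None


def pf_rules(allowlist, table: str = "tmo_as21928", port: int = 1194) -> str:
    """Render a pf table and a pass/block pair for the OpenVPN UDP port.
    The table name is hypothetical; pfBlockerNG generates its own."""
    entries = " ".join(str(n) for n in allowlist)
    return (
        f"table <{table}> {{ {entries} }}\n"
        f"pass in quick inet proto udp from <{table}> to any port {port}\n"
        f"block in quick inet proto udp from any to any port {port}\n"
    )


if __name__ == "__main__":
    allow = build_allowlist(TMOBILE_AS21928_SAMPLE)
    for src in ("172.56.169.10", "172.59.201.7", "192.241.200.1"):
        print(src, "->", matching_prefix(src, allow) or "blocked")
    print(pf_rules(allow))
```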
-
@johnpoz said in New bogon hitting the openVPN port 1194:
172.32.0.0/11
Their ASN is unreal; they have gained over 5 million addresses in the last 4 years, WOW
-
@JonathanLee IPv4 isn't going anywhere any time soon.. The space is just being bought up by the big boys..
I don't know specifics about MetroPCS, but if they ride on the T-Mobile network - more than likely your phone never actually gets an IPv4, not a public one for sure.. T-Mobile here in the states only gives their phones IPv6.. then they send it through their 464XLAT to get to IPv4 IPs..
There clearly is not enough IPv4 space on the planet for the billions of phones out there.. So yeah, IPv6 is where it's at for them, but until such time that IPv4 is gone, you still need a lot of IPv4 space to allow your billions of devices to talk to stuff ;)
-
@johnpoz yes, and I couldn't use udp4 in the export file for OpenVPN; I had to change it to UDP for it to even work. My home ISP is IPv4 only; its static address has not changed in many years. But the iPhone is pure IPv6, so connecting to it required changing that.
-
@johnpoz Thank you for the help. That resolved the weird digital ocean problem. That IP is flagged over and over inside of virustotal when I checked it also.
-
@JonathanLee huh? My setting on my phone for OpenVPN is set to udp4 only.. Since I don't listen on IPv6 for OpenVPN.. My phone has no issues connecting.. Like I said, they run their phones through their 464XLAT stuff
-
@johnpoz Yes, I had to manually change that to say UDP, not UDP4. I think the ISP on my LAN side doesn't know what UDP4 is and only knows UDP
-
@JonathanLee not a thing.. not sure what your issue was, but it wasn't related to that..