[Lotus]

I have a VPN set up between two businesses, for some odd reason the whole thing stopped working.

Hardware is Symantec Firewall/VPN 100 at both locations. I have it set up like they say to on the website and documentation CD. We have static IP's which have not changed.

I notice we are under constant port scan attack...every 30-60 seconds.


* It was down all day yesterday and now it's up again, just checked. *

I was finally able to ping the computer behind the vpn/firewall at the other location.

What would cause it to keep going down? Even after reseting everything it still won't work.

When I pinged it a second ago, 1 of 4 pings made it... When I pinged again, 2 made it, then the third time all pings made it and didn't time out.

I don't understand why it works "some" times.

All the settings have been gone over time and time again, by two different people.

[sapiens74]

Any changed to your network? Like new hardware, firewall, anything like that?

[Lotus]

No not a thing.

[sapiens74]

Sound like a DOS attack if you are under constant attack. THat would cause them to time out. otherwise try something, like chaning ip addresses at both ends.

[Lotus]

I have talked to a few other people who also said that the DOS would cause the VPN to go down. If I change IP addresses (which are static right now) wouldn't the problem just come back? Is there anything I can do settings wise, that would help? Or is changing the IP the way I'll have to go?

[Lotus]

I just went to try and log into the router...I can't even get into it. Same thing happened with it yesterday. Took like an hour before I was able to log into it. Strange. Maybe my switch is on the fritz.

[Lotus]

Log
UTC Time Message Source
08/07/2003 23:30:19.91 Port Scan attack !!! 24.148.65.79:3374
08/07/2003 23:30:28.91 Port Scan attack !!! 24.148.65.79:3374
08/07/2003 23:46:54.66 Port Scan attack !!! 24.28.62.172:2294
08/07/2003 23:47:03.61 Port Scan attack !!! 24.28.62.172:2294
08/07/2003 23:55:35.91 Port Scan attack !!! 67.20.174.52:4736
08/07/2003 23:56:05.31 Port Scan attack !!! 67.20.174.52:4896
08/08/2003 00:00:41.71 Port Scan attack !!! 24.53.0.136:2842
08/08/2003 00:00:50.61 Port Scan attack !!! 24.53.0.136:2842
08/08/2003 00:05:47.86 Port Scan attack !!! 67.20.164.108:1596
08/08/2003 00:19:26.31 Port Scan attack !!! 66.188.195.206:3486
08/08/2003 00:27:45.41 Port Scan attack !!! 218.90.178.145:2315
08/08/2003 00:31:52.86 Port Scan attack !!! 203.192.11.30:1065
08/08/2003 00:33:24.81 Port Scan attack !!! 218.15.192.64:30099
08/08/2003 00:52:29.56 Port Scan attack !!! 67.20.174.52:2102
08/08/2003 00:56:20.71 Port Scan attack !!! 62.62.139.253:3833
08/08/2003 00:57:39.86 Port Scan attack !!! 67.20.77.111:2836
08/08/2003 01:02:57.91 Port Scan attack !!! 61.177.227.45:2077
08/08/2003 01:22:36.11 Port Scan attack !!! 24.209.175.44:2281
08/08/2003 01:22:51.91 Port Scan attack !!! 24.209.175.44:2281
08/08/2003 01:23:07.96 Port Scan attack !!! 24.209.175.44:2281
08/08/2003 01:31:00.76 Port Scan attack !!! 67.20.187.62:3670
08/08/2003 01:41:58.61 Port Scan attack !!! 12.248.64.98:4361
08/08/2003 01:48:32.11 Port Scan attack !!! 218.15.192.64:30099
08/08/2003 02:01:21.36 Port Scan attack !!! 67.20.221.200:1945
08/08/2003 02:24:18.46 Port Scan attack !!! 67.20.76.159:4857
08/08/2003 02:24:27.51 Port Scan attack !!! 67.20.76.159:4857
08/08/2003 02:37:26.36 Port Scan attack !!! 67.20.76.159:4883
08/08/2003 02:37:35.31 Port Scan attack !!! 67.20.76.159:4883
08/08/2003 02:49:01.61 Port Scan attack !!! 67.20.81.212:3612
08/08/2003 02:58:09.66 Port Scan attack !!! 67.20.76.159:4108
08/08/2003 02:58:18.61 Port Scan attack !!! 67.20.76.159:4108
08/08/2003 03:02:26.31 Port Scan attack !!! 67.117.23.149:3142
08/08/2003 03:02:35.31 Port Scan attack !!! 67.117.23.149:3142
08/08/2003 03:06:24.31 Port Scan attack !!! 67.20.33.55:3674
08/08/2003 03:07:24.16 Port Scan attack !!! 218.15.192.64:30099
08/08/2003 03:10:50.36 Port Scan attack !!! 65.88.92.140:1474
08/08/2003 03:10:56.31 Port Scan attack !!! 65.88.92.140:1474
08/08/2003 03:21:25.01 Port Scan attack !!! 12.255.148.153:2647
08/08/2003 03:21:34.01 Port Scan attack !!! 12.255.148.153:2647
08/08/2003 03:22:25.06 Port Scan attack !!! 67.20.76.159:3841

==============================================

Here is part of the log...I removed my IP

Most are TCP and UDP..there were also like 7 or 8 HTTP as well.


The log from our other business looks just like this. Filled with port scan attacks etc..

[Lotus]

ANy idea what would make the connection intermittent "some days"?

[sapiens74]

If you are getting those kinds of attacks, you need to speak with your ISP about filtering the traffic before it gets to you.

[Lotus]

I'll give them a call today to see what they can do. That log is one of 4 pages filled with attacks. It's kind of annoying heh.