Port scan abuse report from hetzner
840 views
Skip to first unread message
Dicanio Valentino
Dec 26, 2021, 4:31:49 AM12/26/21
to BigBlueButton-Setup
Hi,
I got abuse report from hetzner for UDP port scan, what is wrong with BBB or how i can prevent it ?
Regards.
Dicanio Valentino
Dec 26, 2021, 12:39:46 PM12/26/21
to BigBlueButton-Setup
it is the port scan abuse report i got:
Sat Dec 25 17:47:09 2021 UDP 188.40.XXX.XXX 31318 => 192.168.1.101 53729
Sat Dec 25 17:47:10 2021 UDP 188.40.XXX.XXX 31318 => 192.168.1.101 53729
Sat Dec 25 17:50:00 2021 UDP 188.40.XXX.XXX 31830 => 192.168.1.3 57608
Sat Dec 25 17:51:43 2021 UDP 188.40.XXX.XXX 29301 => 192.168.1.4 56955
Sat Dec 25 17:51:44 2021 UDP 188.40.XXX.XXX 29301 => 192.168.1.4 56955
Sat Dec 25 17:51:45 2021 UDP 188.40.XXX.XXX 29301 => 192.168.1.4 56955
Sat Dec 25 17:51:56 2021 UDP 188.40.XXX.XXX 28002 => 192.168.0.100 59600
Sat Dec 25 17:47:47 2021 UDP 188.40.XXX.XXX 25849 => 192.168.1.52 64975
Sat Dec 25 17:47:48 2021 UDP 188.40.XXX.XXX 25849 => 192.168.1.52 64975
Sat Dec 25 17:48:30 2021 UDP 188.40.XXX.XXX 29460 => 192.168.1.101 64975
Sat Dec 25 17:51:37 2021 UDP 188.40.XXX.XXX 27265 => 192.168.1.10 54060
Sat Dec 25 17:51:38 2021 UDP 188.40.XXX.XXX 27265 => 192.168.1.10 54060
Sat Dec 25 17:50:57 2021 UDP 188.40.XXX.XXX 27933 => 192.168.56.1 58154
Sat Dec 25 17:50:58 2021 UDP 188.40.XXX.XXX 27933 => 192.168.56.1 58154
Sat Dec 25 17:50:59 2021 UDP 188.40.XXX.XXX 27933 => 192.168.56.1 58154
Sat Dec 25 17:51:28 2021 UDP 188.40.XXX.XXX 26152 => 192.168.1.103 39568
Sat Dec 25 17:50:23 2021 UDP 188.40.XXX.XXX 29550 => 192.168.1.4 41101
Sat Dec 25 17:50:25 2021 UDP 188.40.XXX.XXX 29550 => 192.168.1.4 41101
Sat Dec 25 17:45:40 2021 UDP 188.40.XXX.XXX 24858 => 192.168.1.6 49395
Sat Dec 25 17:47:10 2021 UDP 188.40.XXX.XXX 31318 => 192.168.1.101 53729
Sat Dec 25 17:50:00 2021 UDP 188.40.XXX.XXX 31830 => 192.168.1.3 57608
Sat Dec 25 17:51:43 2021 UDP 188.40.XXX.XXX 29301 => 192.168.1.4 56955
Sat Dec 25 17:51:44 2021 UDP 188.40.XXX.XXX 29301 => 192.168.1.4 56955
Sat Dec 25 17:51:45 2021 UDP 188.40.XXX.XXX 29301 => 192.168.1.4 56955
Sat Dec 25 17:51:56 2021 UDP 188.40.XXX.XXX 28002 => 192.168.0.100 59600
Sat Dec 25 17:47:47 2021 UDP 188.40.XXX.XXX 25849 => 192.168.1.52 64975
Sat Dec 25 17:47:48 2021 UDP 188.40.XXX.XXX 25849 => 192.168.1.52 64975
Sat Dec 25 17:48:30 2021 UDP 188.40.XXX.XXX 29460 => 192.168.1.101 64975
Sat Dec 25 17:51:37 2021 UDP 188.40.XXX.XXX 27265 => 192.168.1.10 54060
Sat Dec 25 17:51:38 2021 UDP 188.40.XXX.XXX 27265 => 192.168.1.10 54060
Sat Dec 25 17:50:57 2021 UDP 188.40.XXX.XXX 27933 => 192.168.56.1 58154
Sat Dec 25 17:50:58 2021 UDP 188.40.XXX.XXX 27933 => 192.168.56.1 58154
Sat Dec 25 17:50:59 2021 UDP 188.40.XXX.XXX 27933 => 192.168.56.1 58154
Sat Dec 25 17:51:28 2021 UDP 188.40.XXX.XXX 26152 => 192.168.1.103 39568
Sat Dec 25 17:50:23 2021 UDP 188.40.XXX.XXX 29550 => 192.168.1.4 41101
Sat Dec 25 17:50:25 2021 UDP 188.40.XXX.XXX 29550 => 192.168.1.4 41101
Sat Dec 25 17:45:40 2021 UDP 188.40.XXX.XXX 24858 => 192.168.1.6 49395
basisbit
Dec 26, 2021, 1:19:51 PM12/26/21
to BigBlueButton-Setup
please use the search feature here in the google group/forum. Block outgoing requests from your server to private port ranges and adjust the settings for your TURN server, so it does not try to send data to those "private" IP address ranges when the client lists these as their local IP addresses.
Dicanio Valentino
Dec 26, 2021, 2:13:36 PM12/26/21
to BigBlueButton-Setup
Hi basisbit,
Thanks for helpful suggestion, i already have adjusted the settings for my TURN server, the outgoing traffic is blocked for private network ranges now.
i tried the search but couldn't find straightforward solution!
Regards.
daniel1s...@gmail.com
Jan 16, 2022, 8:05:22 AM1/16/22
to BigBlueButton-Setup
basisbit schrieb am Sonntag, 26. Dezember 2021 um 19:19:51 UTC+1:
Block outgoing requests from your server to private port ranges and adjust the settings for your TURN server, so it does not try to send data to those "private" IP address ranges when the client lists these as their local IP addresses.
Can someone add this to turn documentation (or have I skipped this part)?
basisbit
Jan 17, 2022, 7:46:37 AM1/17/22
to BigBlueButton-Setup
The client tells the server which IP addresses it might be accessible under. Then the server tries to connect to those. This being a problem is something Hetzner specific because they don't just drop unroutable traffic - tbh I don't think that needs to go into the BBB documentation.
Matthias Weiler
Jan 17, 2022, 8:12:36 AM1/17/22
to bigbluebu...@googlegroups.com
configuration.
https://docs.bigbluebutton.org/admin/setup-turn-server.html
The coturn-config gives more explanation.
https://github.com/coturn/coturn/blob/master/docker/coturn/turnserver.conf#L611
Matthias Weiler
Jan 17, 2022, 8:17:06 AM1/17/22
to bigbluebu...@googlegroups.com
Ignore this. I didn't read carefully enough that it's about port-ranges,
not IP-ranges.
not IP-ranges.
Ivan Dem
Dec 6, 2023, 1:19:58 AM12/6/23
to BigBlueButton-Setup
I have the same issue on our BBB Server.
But if I ufw deny out from any to 172.16.0.0/12 I can't open my docker greenlight v2 client
Have some one a idea why it happens?
Lukas/MuLu
Dec 6, 2023, 5:22:35 AM12/6/23
to BigBlueButton-Setup
Docker also uses this range for internal networks.
So if you block it gernerally nginx can't reach the docker container.
So if you block it gernerally nginx can't reach the docker container.
Reply all
Reply to author
Forward
0 new messages