
Security issue report

Open crazyvest opened this issue 2 years ago • 1 comments

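Within a week of deploying on a cloud server in China, there have been daily access attempts from Lanzhou, Gansu (every day), the US, Brazil, the Netherlands, India, Ukraine and other countries. The service log clearly records requests from these unknown IPs attempting password verification and a handshake. The udp2raw service I set up on the cloud server was never made public, so how did the sources of these unknown addresses learn that my server is running udp2raw?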

crazyvest avatar Jul 09 '23 17:07 crazyvest

English only

How did the sources of these unknown addresses learn that my server is running udp2raw?

They don't necessarily know you have udp2raw running.

udp2raw will try to decrypt and HMAC-verify all incoming TCP connections, and respond only to the ones that pass the verification.

A udp2raw decrypt failure in the log doesn't mean the attacker knows you are running udp2raw and is trying to guess the password. They might just be doing port scanning.

wangyu- avatar Jul 09 '23 17:07 wangyu-
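
The behaviour described in the reply above, as an added sketch that is not udp2raw's code and not part of the original thread: a listener that authenticates every inbound frame and answers only verified ones logs the same failure for a generic scan probe as for a wrong-password peer. The frame layout (payload followed by a 16-byte truncated HMAC-SHA256 tag), the key derivation, the log wording and the source addresses are all assumptions constructed for illustration, and the decryption step is omitted.

```python
import hashlib
import hmac
import os

TAG_LEN = 16  # assumed tag length for this sketch, not udp2raw's wire format


def seal(key, payload):
    """Build a frame: payload followed by a truncated HMAC-SHA256 tag."""
    tag = hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]
    return payload + tag


def handle(key, frame, src, log):
    """Reply only to frames whose tag verifies; otherwise log and stay silent."""
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]
    if len(frame) < TAG_LEN or not hmac.compare_digest(tag, expected):
        log.append(f"{src} verification failed")
        return None  # no response: the sender learns nothing about the service
    return seal(key, b"ack:" + payload)


def demo():
    """Feed constructed probes and peers through handle(); return replies and log."""
    key = hashlib.sha256(b"server-password").digest()
    wrong_key = hashlib.sha256(b"guessed-password").digest()
    inputs = [  # constructed samples; addresses are documentation ranges
        ("198.51.100.7", b"GET / HTTP/1.1\r\nHost: x\r\n\r\n"),  # generic HTTP probe
        ("203.0.113.9", os.urandom(40)),                        # random scanner bytes
        ("192.0.2.44", seal(wrong_key, b"hello")),              # peer with wrong password
        ("192.0.2.10", seal(key, b"hello")),                    # legitimate peer
    ]
    log = []
    replies = [handle(key, frame, src, log) for src, frame in inputs]
    return replies, log


if __name__ == "__main__":
    replies, log = demo()
    for line in log:
        print(line)
    print("replies sent:", sum(r is not None for r in replies))
```

The three failing inputs produce indistinguishable log lines, so a failure entry alone cannot separate background port scanning from a deliberate password guess; rate and repetition per source address are what to look at.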