Related

ISIS hack on my server / droplet Question Question
Game Server DDoS Attack?? Question Question

Question

SSH hack attempts on Anchor IP

Posted May 26, 2020 298 views
Security

I’m currently browsing the logs on an Ubuntu 16.04 instance. It’s using a floating IP for http/s access. The logs are getting filled with random connections attempts on 443/sshd which is expected. But what I don’t understand is why many of these attempts are showing that the destination IP is the Anchor IP for my Floating Address. From what I understand, the Anchor should only be accessible within the datacenter. Is this indicative of attacks from a neighbor VPS, and if so, how would I alert Digital Ocean Admins, so they could locate the source and inform, or potentially shutdown the owner? The source addresses appear to be coming from all over the world, but I assume those are spoofed. Thanks.

Add a comment
ThereIGoKillingAgain
By:
ThereIGoKillingAgain
edited by MattIPv4
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer
njw May 26, 2020

Floating IP’s are actually tied to the anchor IP. All traffic to the floating IP goes through the anchor IP address which is tied to your eth0 interface. Any traffic coming through the floating IP would show up to the destination anchor IP address.Traffic to the droplet’s main IP address will show up with the main IP’s address.

Reply Report
ThereIGoKillingAgain May 26, 2020
[deleted]
Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help