SSH hack attempts on Anchor IP
I’m currently browsing the logs on an Ubuntu 16.04 instance. It’s using a floating IP for http/s access. The logs are getting filled with random connections attempts on 443/sshd which is expected. But what I don’t understand is why many of these attempts are showing that the destination IP is the Anchor IP for my Floating Address. From what I understand, the Anchor should only be accessible within the datacenter. Is this indicative of attacks from a neighbor VPS, and if so, how would I alert Digital Ocean Admins, so they could locate the source and inform, or potentially shutdown the owner? The source addresses appear to be coming from all over the world, but I assume those are spoofed. Thanks.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.×