SSH hack attempts on Anchor IP

I’m currently browsing the logs on an Ubuntu 16.04 instance. It’s using a floating IP for http/s access. The logs are getting filled with random connections attempts on 443/sshd which is expected. But what I don’t understand is why many of these attempts are showing that the destination IP is the Anchor IP for my Floating Address. From what I understand, the Anchor should only be accessible within the datacenter. Is this indicative of attacks from a neighbor VPS, and if so, how would I alert Digital Ocean Admins, so they could locate the source and inform, or potentially shutdown the owner? The source addresses appear to be coming from all over the world, but I assume those are spoofed. Thanks.

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

Floating IP’s are actually tied to the anchor IP. All traffic to the floating IP goes through the anchor IP address which is tied to your eth0 interface. Any traffic coming through the floating IP would show up to the destination anchor IP address.Traffic to the droplet’s main IP address will show up with the main IP’s address.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

This comment has been deleted