How to Identify What’s Accessing My Docker Network?

0
15
Asked By CuriousTechie42 On

I'm trying to figure out if my devices are being hacked or if I'm just misinterpreting my logs. I have several web-facing servers like Immich and Glances, and I use Virtualmin for hosting websites. Everything is set up behind Traefik and mostly runs via Docker. Recently, I've noticed some log entries showing requests from an IP in my Docker internal network (192.168.57.1) to my Traefik server, specifically targeting port 10000 on my Virtualmin setup. My concern is that there doesn't seem to be a physical device corresponding to that IP, so I'm wondering if it's just Docker networking at play or if there's a potential intrusion. How can I determine whether this activity is normal or if something suspicious is happening?

5 Answers

Answered By SysAdminSam On

What you're seeing seems to be a bad request directed at Traefik. Since it’s a GET request for `/`, and if you don’t have a route for it, it’s completely understandable. It’s probably just bots or some random scripts trying to connect, nothing to worry about.

Answered By PortMonitorPro On

Is your Virtualmin or Webmin at the helm of listening on port 10000? They’re both known to use that port. There might be a chance that there's an unresolved TLD on the server causing repeated requests.

Answered By WebWizKid On

From what I can see, it looks like that IP might be a virtual router for your Docker network. It's not unusual to see traffic like this if everything is properly isolated but check to confirm its role.

Answered By DockerDude99 On

It sounds like that could be the Docker bridge doing its thing. Try running `ip addr | grep 192.168.57.1` to get more details, or inspect all your containers to see what's active on that network.

Answered By HealthCheckHero On

Check your setup for any defined health checks. Sometimes, the Docker host will send requests to the web server it's hosting to verify that everything's up and running, which could explain the traffic you're seeing.

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.