Why Is My Server Getting Attacked While My IP Can’t Even Connect?

Asked By CloudyNavigator42 On

I work in a place with a big legacy IPv4 network that doesn't use NAT, which has its perks. Recently, I noticed some weird traffic on one of our servers from IPs that aren't part of our network, and UFW is blocking them from SSH access. A while back, I opened a ticket with our network team, who told me the firewall rules seemed fine and they'd investigate. Fast forward several months and I checked again because the traffic is back. I tried adding my home IP to the server's firewall to see if I could SSH into it, but nothing happened—no response at all. I did a packet capture and it looks like my home IP isn't even reaching the server, while these strange IPs (which seem like they could be from bots) are getting through. I asked the network team if this is part of a penetration test, but they said they'd only do that when scheduled. I plan to follow up with them more firmly about this if it keeps happening. I'm just curious—how can this be happening? Any ideas on how I can recreate this issue to show them the problem?

3 Answers

Answered By SecureNetworkGuru89 On

Interesting! It sounds like your workplace has some unique networking challenges. One possibility is that there might be a misconfiguration on the VPN client side that’s impacting your connection. In my previous job, we had a Class B /16 setup too, and those can get complex. It’s great that you have visibility, though — if those shifty IPs are hitting your server, it could indicate a vulnerability, so I'd be proactive about this. Have you talked to the network team again?

Answered By GlobalIPWatcher On

I checked out those IPs, and wow, one’s from Sydney and the other from Brussels! Good to know UFW is doing its job blocking those connections. But you're right; if they can reach your server, they might find a vulnerability eventually. In my opinion, blocking access from outside your country (unless necessary for business) could be a solid move. Remind your networking team—the more you push for security now, the better it’ll be long-term!

Answered By DataGuardDude88 On

It might be worth looking into where those IPs are coming from, especially if you work in a university setting that may route those addresses. You might try to replicate the access from a different network, like eduroam, to see if the same issue happens. Just ensure you document everything so you have evidence when talking to the network team.
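One way to produce the documentation suggested above, as an added example that is not part of any answer: a short Python script that reads UFW block log lines and tallies blocked SSH attempts from sources outside the organisation's range. The network range, the test address and the log lines are all constructed stand-ins.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed values: replace with the real campus range and your own test address.
ORG_NET = ipaddress.ip_network("198.51.100.0/24")
TEST_IP = ipaddress.ip_address("192.0.2.77")

# Constructed sample in the kernel log format UFW writes (e.g. /var/log/ufw.log).
SAMPLE_LOG = """\
Mar  3 02:14:07 srv1 kernel: [81234.1] [UFW BLOCK] IN=eth0 OUT= MAC=00:00 SRC=203.0.113.45 DST=198.51.100.10 LEN=60 TTL=49 PROTO=TCP SPT=51522 DPT=22 SYN URGP=0
Mar  3 02:14:09 srv1 kernel: [81236.3] [UFW BLOCK] IN=eth0 OUT= MAC=00:00 SRC=203.0.113.45 DST=198.51.100.10 LEN=60 TTL=49 PROTO=TCP SPT=51522 DPT=22 SYN URGP=0
Mar  3 02:20:41 srv1 kernel: [81628.9] [UFW BLOCK] IN=eth0 OUT= MAC=00:00 SRC=203.0.113.200 DST=198.51.100.10 LEN=60 TTL=51 PROTO=TCP SPT=40110 DPT=22 SYN URGP=0
Mar  3 02:21:00 srv1 kernel: [81647.2] [UFW BLOCK] IN=eth0 OUT= MAC=00:00 SRC=198.51.100.23 DST=198.51.100.10 LEN=60 TTL=64 PROTO=TCP SPT=33010 DPT=22 SYN URGP=0
Mar  3 02:25:13 srv1 kernel: [81900.7] [UFW BLOCK] IN=eth0 OUT= MAC=00:00 SRC=203.0.113.45 DST=198.51.100.10 LEN=60 TTL=49 PROTO=TCP SPT=51600 DPT=443 SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)

def parse_blocks(text):
    """Yield (timestamp, fields) for every [UFW BLOCK] line."""
    for line in text.splitlines():
        if "[UFW BLOCK]" not in line:
            continue
        fields = dict(FIELD.findall(line))
        if "SRC" in fields and "DPT" in fields:
            yield line[:15], fields  # syslog timestamp is the first 15 characters

def summarize(text, port="22"):
    """Count blocked packets to `port` per source address outside ORG_NET."""
    report = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for ts, f in parse_blocks(text):
        src = ipaddress.ip_address(f["SRC"])
        if f["DPT"] != port or src in ORG_NET:
            continue
        row = report[str(src)]
        row["count"] += 1
        row["first"] = row["first"] or ts
        row["last"] = ts
    return dict(report)

def probe_ip_seen(text):
    """True if TEST_IP was blocked; only meaningful while UFW does not allow it."""
    return any(ipaddress.ip_address(f["SRC"]) == TEST_IP for _, f in parse_blocks(text))

if __name__ == "__main__":
    for src, row in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src:15} {row['count']:3} blocked  {row['first']} -> {row['last']}")
    print("test IP seen in block log:", probe_ip_seen(SAMPLE_LOG))
```

A per-source table with first and last timestamps, next to a test address that never shows up in the block log, gives the network team a concrete window to match against their own firewall logs.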
