I am seeing outgoing connections to strange IPs on my VPS
So I started playing around with Scapy on my VPS just for fun and education. However, with Scapy I noticed my server is contacting strange IPs all over the world. This has me a bit concerned since I don't see the outgoing connections in tcpdump.
Here is what I saw:
starting
45.33.113.47 -> 193.32.162.136
45.33.113.47 -> 193.32.162.136
45.33.113.47 -> 218.92.0.245
45.33.113.47 -> 218.92.0.245
45.33.113.47 -> 218.92.0.245
45.33.113.47 -> 50.218.103.254
45.33.113.47 -> 92.255.85.189
45.33.113.47 -> 92.255.85.189
45.33.113.47 -> 218.92.0.245
45.33.113.47 -> 218.92.0.245
45.33.113.47 -> 218.92.0.245
45.33.113.47 -> 218.92.0.245
45.33.113.47 -> 50.218.103.254
My script (redacted is my device's IP):
    #!/usr/bin/python3
    from scapy.all import sniff

    # Placeholder for the address redacted in the post (the poster's own device IP)
    REDACTED = "*redacted*"

    print("starting")

    def callbackfn(data):
        ip = data[0].getlayer('IP')
        if ip:
            # Skip traffic to or from the redacted address; print packets sent by the VPS
            if (ip.src != REDACTED) and (ip.dst != REDACTED) and (ip.src == "45.33.113.47"):
                print(ip.src + " -> " + ip.dst)

    while True:
        capture = sniff(prn=callbackfn, count=1, store=0)
Is this a compromise? If so, how did it happen? I shut down the VPS and I need to determine what is happening.
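
One way to triage output like the above, as an added example that is not part of the original post: label each outbound TCP packet by its flags and local port, which separates connections the host opened itself from replies to connections a remote peer opened. The record layout, function names and sample packets are assumptions constructed for illustration, using documentation address ranges.

```python
from collections import Counter

# TCP flag bits as defined in the TCP header
SYN, RST, ACK = 0x02, 0x04, 0x10

def classify(pkt, local_ip):
    """Label one TCP packet record relative to local_ip.

    pkt is a dict with src, dst, sport, dport, flags (hypothetical layout;
    with Scapy these map to pkt[IP].src, pkt[TCP].sport, int(pkt[TCP].flags)).
    """
    if pkt["src"] != local_ip:
        return "inbound"
    flags = pkt["flags"]
    if flags & SYN and not flags & ACK:
        return "host-initiated"      # bare SYN: this host opened the connection
    if flags & SYN and flags & ACK:
        return "reply-to-inbound"    # SYN/ACK: answering a remote peer's SYN
    if flags & RST:
        return "reset"               # refusing or aborting a connection
    return "established"             # mid-stream; direction needs the handshake

def summarize(packets, local_ip):
    """Count outbound packets per (label, remote IP, local port)."""
    counts = Counter()
    for pkt in packets:
        label = classify(pkt, local_ip)
        if label != "inbound":
            counts[(label, pkt["dst"], pkt["sport"])] += 1
    return counts

# Constructed sample records (not real traffic, not taken from the post).
LOCAL = "192.0.2.10"
SAMPLE = [
    {"src": "203.0.113.5", "dst": LOCAL, "sport": 51000, "dport": 22, "flags": SYN},
    {"src": LOCAL, "dst": "203.0.113.5", "sport": 22, "dport": 51000, "flags": SYN | ACK},
    {"src": LOCAL, "dst": "198.51.100.7", "sport": 40212, "dport": 443, "flags": SYN},
    {"src": LOCAL, "dst": "203.0.113.9", "sport": 8080, "dport": 33000, "flags": RST | ACK},
]

if __name__ == "__main__":
    for (label, remote, lport), n in sorted(summarize(SAMPLE, LOCAL).items()):
        print(f"{label:17} local port {lport:<5} -> {remote} x{n}")
```

Rows labelled host-initiated are the ones to match against a process on the host; rows whose local port is a listening service are answers to traffic that arrived from outside.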