Attacks from Cloudflare IP ranges
For about two weeks I have been seeing a lot of attacks from IPs belonging to Cloudflare. These are not attacks redirected through their proxy to domains added to CF, but SSH or SMTP login attempts, port scans, etc.
Here are a few example CF IPs that have several dozen reports on AbuseIPDB:
https://www.abuseipdb.com/check/104.28.159.66
https://www.abuseipdb.com/check/104.28.159.9
https://www.abuseipdb.com/check/104.28.159.89
https://www.abuseipdb.com/check/104.28.159.90
Has Cloudflare recently started selling some VPNs, or what's the deal here? I know Apple has their Private Relay working on the Cloudflare network, but they seem to only allow traffic on HTTP(S) ports? Or maybe it is IP spoofing? What do you think?
Comments
Warp is their VPN. Yes, it happens, but CF abuse dept is extreme. Report and go to sleep.
We also see attacks from Cloudflare IPs. But most attacks against us are TCP/UDP and not HTTP requests. I think that's IP spoofing.
We can confirm TCP connections to the honeypots, that is not an IP spoof. CF does not give a damn about port scan abuse complaints and keeps saying "We are CDN!!!"
I promise you that one day I will ban AS13335 and whitelist their CIDRs used by reverse proxy for website protection.
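
The policy described in the last comment (ban the AS, keep the reverse-proxy CIDRs reachable), sketched as an added example that is not part of the thread. Assumptions: `PROXY_RANGES` is a partial snapshot of Cloudflare's published proxy list, the `104.28.0.0/16` entry is a hypothetical stand-in for the rest of AS13335 built from the addresses quoted above, and the origin only serves ports 80 and 443.

```python
import ipaddress
from collections import Counter

# Assumption: partial snapshot of the IPv4 ranges Cloudflare publishes for its
# reverse proxy at https://www.cloudflare.com/ips-v4; load the live list in practice.
PROXY_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "141.101.64.0/18", "108.162.192.0/18",
    "162.158.0.0/15", "104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13",
)]
# Hypothetical stand-in for "everything announced by AS13335": the proxy ranges
# plus one constructed prefix covering the addresses quoted in the thread.
AS13335_PREFIXES = PROXY_RANGES + [ipaddress.ip_network("104.28.0.0/16")]
# Assumption: the only ports the origin web server exposes to the proxy.
ORIGIN_PORTS = {80, 443}


def decide(src, dst_port):
    """Return 'allow', 'drop' or 'default' for one inbound connection."""
    ip = ipaddress.ip_address(src)
    # Allowlist first, and only for web ports: the reverse proxy has no reason
    # to reach SSH or SMTP on the origin.
    if any(ip in net for net in PROXY_RANGES):
        return "allow" if dst_port in ORIGIN_PORTS else "drop"
    # Anything else from the AS is banned.
    if any(ip in net for net in AS13335_PREFIXES):
        return "drop"
    return "default"  # not Cloudflare: leave to the normal rule set


def summarize(connections):
    """Count verdicts over (source IP, destination port) pairs."""
    return Counter(decide(src, port) for src, port in connections)


# Constructed sample: thread addresses on SSH/SMTP, made-up proxy and other hosts.
SAMPLE = [
    ("104.28.159.66", 22), ("104.28.159.9", 25), ("104.28.159.89", 22),
    ("162.158.10.20", 443), ("162.158.10.20", 22), ("198.51.100.7", 22),
]

if __name__ == "__main__":
    for src, port in SAMPLE:
        print(f"{src:>15} -> :{port:<4} {decide(src, port)}")
    print(dict(summarize(SAMPLE)))
```

The addresses quoted in the thread fall outside `104.16.0.0/13` and `104.24.0.0/14`, so they are dropped by the AS rule rather than matched by the proxy allowlist.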