I got a series of e-mails from my server provider. I’m not a network engineer, so I don’t really understand what they said was the problem. I ended up killing IPFS after they gave me KVM console access for one hour.
Was IPFS doing something malicious?
What am I supposed to do with IPTables?
Why would the server provider say IPFS was abusing their network?
Any thoughts?
We have indications that there was an attack from your server.
Please take all necessary measures to avoid this in the future and to solve the issue.
> We don't allow netscans according our system policies
>
> You scanned private networks RFC1918. https://tools.ietf.org/html/rfc1918
> These networks are not reachable via your external interface.
> You could block this traffic with local firewall configuration.You may do this with IPtables for example.
> Thank you for your understanding.
Dear Sir or Madam
Your server with the above-mentioned IP address has performed scans on other servers on the Internet.
This has placed a considerable strain on network resources and, as a result, a segment of our network has been adversely affected.
Your server has therefore been deactivated as a precautionary measure.
A corresponding log history is attached at the end of this email.
##########################################################################
# Netscan detected from host 148.251.xxx.xxx #
##########################################################################
time protocol src_ip src_port dest_ip dest_port
---------------------------------------------------------------------------
Wed Aug 29 20:17:55 2018 TCP 148.251.xxx.xxx 4001 => 192.168.35.132 33671
Wed Aug 29 20:17:51 2018 TCP 148.251.xxx.xxx 4001 => 172.17.0.1 45051
Wed Aug 29 20:17:52 2018 TCP 148.251.xxx.xxx 4001 => 172.17.0.1 45051
...
Wed Aug 29 20:17:52 2018 TCP 148.251.xxx.xxx 37264 => 172.31.16.219 36680
Wed Aug 29 20:17:55 2018 TCP 148.251.xxx.xxx 37264 => 172.31.16.219 36680