For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Armando1973's avatar
Armando1973
Icon for Nimbostratus rankNimbostratus
Jul 02, 2025

Strange connection from VIP to suspicious IP on Internet

Hi everyone,   I have a VIP that public a web services on port 80/443 to Internet. Lately, i notice there is some connection from the VIP to an suspicious Internet IP (45.33.12.214). I check and th...
security
Jeff_Granieri's avatar
Jeff_Granieri
Icon for Employee rankEmployee
Aug 14, 2025

Hi Armando,

 

Your going to want to see what server's behind your BIG-IP are trying to access that IP.   Applying a simple iRule will help narrow down and help determine the source.  The IP mentioned has shown up here Abuse IP Check.     You can easily block any connections to that destination IP Blocking IP's

 

when CLIENT_ACCEPTED  {
    # Log the source and destination IP addresses
     log local0.info "Connection: Source IP: [IP::client_addr], Source Port: [TCP::client_port], Destination IP: [IP::local_addr], Destination Port: [TCP::local_port]"
}