Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Armando1973's avatar
Armando1973
Icon for Nimbostratus rankNimbostratus
Jul 01, 2025

Strange connection from VIP to suspicious IP on Internet

Hi everyone,   I have a VIP that public a web services on port 80/443 to Internet. Lately, i notice there is some connection from the VIP to an suspicious Internet IP (45.33.12.214). I check and th...
security
Jeff_Granieri's avatar
Jeff_Granieri
Icon for Employee rankEmployee
Aug 14, 2025

Hi Armando,

 

Your going to want to see what server's behind your BIG-IP are trying to access that IP.   Applying a simple iRule will help narrow down and help determine the source.  The IP mentioned has shown up here Abuse IP Check.     You can easily block any connections to that destination IP Blocking IP's

 

when CLIENT_ACCEPTED  {
    # Log the source and destination IP addresses
     log local0.info "Connection: Source IP: [IP::client_addr], Source Port: [TCP::client_port], Destination IP: [IP::local_addr], Destination Port: [TCP::local_port]"
}