Forum Discussion

Armando1973

Nimbostratus

Jul 01, 2025

Strange connection from VIP to suspicious IP on Internet

Hi everyone, I have a VIP that public a web services on port 80/443 to Internet. Lately, i notice there is some connection from the VIP to an suspicious Internet IP (45.33.12.214). I check and th...

security

Jeff_Granieri

Employee

Aug 14, 2025

Hi Armando,

Your going to want to see what server's behind your BIG-IP are trying to access that IP. Applying a simple iRule will help narrow down and help determine the source. The IP mentioned has shown up here Abuse IP Check. You can easily block any connections to that destination IP Blocking IP's

when CLIENT_ACCEPTED  {
    # Log the source and destination IP addresses
     log local0.info "Connection: Source IP: [IP::client_addr], Source Port: [TCP::client_port], Destination IP: [IP::local_addr], Destination Port: [TCP::local_port]"
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)