I know this question may sound weird, but I noticed strange behaviour on our network.
Here’s the context:
I have a VM running multiple Docker containers. To simplify their use, and because I need HTTPS, we set up an nginx reverse proxy in a jwilder/nginx-proxy container (following this method: https://www.singularaspect.com/use-nginx-proxy-and-letsencrypt-companion-to-host-multiple-websites/).
I am seeing some requests sent to multiple IP addresses during the night on an unknown port:
@myserverip 48772 => 188.8.131.52 9001
@myserverip 59094 => 184.108.40.206 9001
@myserverip 35308 => 220.127.116.11 9001
@myserverip 52786 => 18.104.22.168 9001
For the moment, iptables allows everyone to request 80 and 443, and the reverse proxy container is the only container mapped on these ports. I filtered all incoming connections and there are no more connections to these IPs.
Can someone from the outside use the reverse proxy?