Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login
    Introducing Netgate Nexus: Multi-Instance Management at Your Fingertips.

    DigitalOcean block (2604:a880:400:d1::/48) today. ~100+ hits

    Scheduled Pinned Locked Moved Firewalling
    2 Posts 2 Posters 155 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JonathanLeeJ Offline
      JonathanLee
      last edited by

      Heads up — seeing a massive automated IPv6 port scan hitting my HE tunnel endpoint from a DigitalOcean block (2604:a880:400:d1::/48) today. ~100+ hits in under an hour, scanning everything — SSH, RDP, HTTP, databases (MySQL, Mongo, Postgres), VNC, you name it. All blocked by Snort rule 1:1000340 ("Unsolicited Inbound to WANv6 Tunnel Endpoint"), one packet per port. Classic automated scanner that spun up a whole address block just to sweep ports.
      Anyone else seeing this DO block today?

      Make sure to upvote

      GertjanG 1 Reply Last reply Reply Quote 1
      • GertjanG Offline
        Gertjan @JonathanLee
        last edited by

        @JonathanLee

        For myself, I've just one open port on my WAN (both IPv4 and IPv6) : "1194 UDP" also known as OpenVPN.

        RDP, SSH, MySQL etc etc etc etc are all on the 'never ever expose these on the Internet' list.

        Don't worry about IPv6 scans. It's like looking for and counting stars in the galaxy, looking for planets and live on it ^^

        No "help me" PM's please. Use the forum, the community will thank you.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.