NAT VM abusing resources

FlorinMarian

Active Member
Nov 13, 2017
73
2
28
27
Hi, guys!
I encounter an unpredictibile situation on my small business.
After selling over 100 NAT IPv4 VMs with 50 public ports each and /64 IPv6, I've started to receive abuse reports on NAT IPv4 which says that one of my customer scans random hosts for weak passwords and things like this.
Because exit port on my IPv4 is a temporary one (52xxx), how can I find who's abuser?
Any tip is welcome.
Thank you!
 

oguz

Proxmox Staff Member
Retired Staff
Nov 19, 2018
5,207
679
118
hi,

After selling over 100 NAT IPv4 VMs with 50 public ports each and /64 IPv6, I've started to receive abuse reports on NAT IPv4 which says that one of my customer scans random hosts for weak passwords and things like this.
you can try capturing packets on the host wherever the abuse was reported, and figure out who's doing it by analyzing the packet logs.

if it's scanning activity, then you could look for outbound connections to a lot of hosts... maybe on SSH or SMTP ports (common targets).

keep in mind the "abuser" might also be just some server that was compromised (weak passwords? :) ) and now being used to attack others.
 
  • Like
Reactions: FlorinMarian

FlorinMarian

Active Member
Nov 13, 2017
73
2
28
27
hi,


you can try capturing packets on the host wherever the abuse was reported, and figure out who's doing it by analyzing the packet logs.

if it's scanning activity, then you could look for outbound connections to a lot of hosts... maybe on SSH or SMTP ports (common targets).

keep in mind the "abuser" might also be just some server that was compromised (weak passwords? :) ) and now being used to attack others.
Thank you. Opted to refund all NAT LXC containers which were unable to pay extra for dedicated IP address because it was too difficult to identify abuser and I was very close to lose my whole rented /24 subnet.
Best regards, Florin.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!