Open FallingHazard opened 3 months ago
It seems 64:ff9b:1::/48
is used for ipv4 translation... essentially you need to update your AddrFilters to exclude whatever Hetzner is using for LAN addresses. The server profile includes some well-known ranges but it seems to be missing this one. I guess it should be included...
Of course, let's not forget that Hetzner sucks, that they don't implement any network isolation and instead they put this shitty netscan detector and make ipfs-users life hard without giving any warning. You may well ask their support what private IP ranges to avoid because they may belong to other customers, but instead of dealing with Hetzner support, it is better that you buy yourself an icecream and spend the remaining time migrating off to a sane cloud provider that doesn't make you deal with this BS, if possible (in my humble and personal opinion).
Mostly agree with @hsanjuan, but poking into this more it looks like there are a few things going on here (although lmk if I'm wrong).
::/8
was reserved by IETF and has carved out some uses https://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xml
::5054:ff:fe92:8bc9
(i.e. they don't fall under one of the approved uses in a space reserved by IETF)64:ff9b:1::/48
should be add to the server profile filters in kubo because it's a private IP range64:ff9b::/96
is a valid public IP space per https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
64:ff9b::175:1005
falls into this range rather than the one above which should be filtered in kubo. If I'm doing the conversion correctly this is 1.117.16.5 (apparently a Tencent datacenter in China). This means Hetzner is blaming you for dialing what should be valid IP addresses... they might just have a filter for ::/8
and yell at you for dialing anything in that range (since the loopback addresses shouldn't touch the network anyway).If so this would mean the actions here are:
::/8
that's undefined64:ff9b:1::/48
to the server profile filters in kubo
Checklist
Installation method
ipfs-desktop
Version
Config
Description
I keep getting abuse warning for netscans. I am in server profile. They have locked my server and now won't unlock.
#############################################################################
Netscan detected from host xxxxxxxxxxxxxxxx
#############################################################################
TIME (UTC) SRC SRC-PORT -> DST DST-PORT SIZE PROT
2024-01-29 07:33:46 xxxxxxxxxxxxxxxx 4001 -> ::5054:ff:fe92:8bc9 4001 98 TCP 2024-01-29 07:33:33 xxxxxxxxxxxxxxxx 4001 -> ::9036:1c17:f6e3:4a35 44005 1298 UDP 2024-01-29 07:33:00 xxxxxxxxxxxxxxxx 4001 -> ::3:0:5bd:802:1aae 4001 1298 UDP 2024-01-29 07:33:00 xxxxxxxxxxxxxxxx 4001 -> 1e::3:0:2:bd0b 4001 1298 UDP 2024-01-29 07:33:00 xxxxxxxxxxxxxxxx 4001 -> 1e::ea3:0:2:bd0b 4001 1298 UDP 2024-01-29 07:33:29 xxxxxxxxxxxxxxxx 4001 -> 64:ff9b::175:1005 4001 1298 UDP 2024-01-29 07:33:43 xxxxxxxxxxxxxxxx 4001 -> 64:ff9b::300:debc 4001 98 TCP 2024-01-29 07:33:04 xxxxxxxxxxxxxxxx 4001 -> 64:ff9b::311:39b8 4001 98 TCP 2024-01-29 07:33:35 xxxxxxxxxxxxxxxx 4001 -> 64:ff9b::315:f409 4001 98 TCP 2024-01-29 07:33:32 xxxxxxxxxxxxxxxx 4001 -> 64:ff9b::322:124e 4001 98 TCP 2024-01-29 07:33:27 xxxxxxxxxxxxxxxx 4001 -> 64:ff9b::347:2aaa 4001 98 TCP 2024-01-29 07:33:33 xxxxxxxxxxxxxxxx 4001 -> 64:ff9b::350:b405 4001 98 TCP 2024-01-29 07:33:29 xxxxxxxxxxxxxxxx 4001 -> 64:ff9b::355:56bb 4001 98 TCP 2024-01-29 07:33:35 xxxxxxxxxxxxxxxx 4001 -> 64:ff9b::355:e7c2 4001 1298 UDP 2024-01-29 07:33:35 xxxxxxxxxxxxxxxx 4001 -> 64:ff9b::372:fa7f 4001 98 TCP 2024-01-29 07:33:25 xxxxxxxxxxxxxxxx 4001 -> 64:ff9b::378:ca60 4001 1298 UDP 2024-01-29 07:33:37 xxxxxxxxxxxxxxxx 4001 -> 64:ff9b::386:4d5d 4001 98 TCP 2024-01-29 07:32:55 xxxxxxxxxxxxxxxx 4001 -> 64:ff9b::386:9798 4001 98 TCP 2024-01-29 07:33:08 xxxxxxxxxxxxxxxx 4001 -> 64:ff9b::38a:8610