Unrecognized IP accessing Dynatrace Environment ActiveGate

victor_segovia
Inactive

The security team of one of our customers informed us that they are detecting unrecognized incoming connections via IP 34.196.118.31 and 34.192.116.178 to a Dynatrace ActiveGate we are using with them; such connections are worrying this customer and they asked us if such IPs belong to the Dynatrace Clusters or Mission Control; we recognized the IP 34.196.118.31 but IP 34.192.116.178 does not seem to be listed in any part either in the documentation or in the Dynatrace UI, does this IP belong to Dynatrace?


3 REPLIES

Julius_Loman
Leader

Are you absolutely sure the connections are to the gateway and not from the gateway?

Since only agents initiate communication to the gateway and the gateway initiates the communication to the cluster (not vice versa).


TEMPEST a.s., Slovakia, Dynatrace Master Partner

We are sure, the network analysis done by the security team of our customer is listing that the Dynatrace ActiveGate Host is receiving inbound/incoming requests from both IP addresses. The network team told us that in the beginning they thought that the requests were a form of DDoS.


Is your environment ActiveGate port (default to 9999) publicly available from the internet?
ActiveGate has no control over what is trying to connect to it. If you wish to control it, you need to use firewall / iptables rules to manage this and allow communication only from your environment.

However, a valid token is required to pass communication further to Dynatrace Cluster through the ActiveGate. Each agent has this token in its configuration. So even if someone is able to establish a TCP connection to the gateway, it's useless without the token. (Unless someone is trying to do DDoS).


TEMPEST a.s., Slovakia, Dynatrace Master Partner
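
Added example, not part of the thread and not Dynatrace code: a small triage script for the two questions raised above, namely whether a connection is to or from the gateway, and which inbound peers fall outside the networks you expect agents in. The sample is constructed in the column layout of `ss -tn`; the addresses (documentation ranges), the allowed networks and the function names are assumptions.

```python
import ipaddress
from collections import Counter

ACTIVEGATE_PORT = 9999  # default ActiveGate port named in the thread
# Assumption: networks your agents connect from (constructed values).
ALLOWED_SOURCES = [ipaddress.ip_network(n)
                   for n in ("10.20.0.0/16", "192.168.50.0/24")]

# Constructed sample; 10.0.0.5 stands in for the ActiveGate host.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB  0      0      10.0.0.5:9999       10.20.3.14:51234
ESTAB  0      0      10.0.0.5:9999       203.0.113.45:40112
ESTAB  0      0      10.0.0.5:9999       203.0.113.45:40113
ESTAB  0      0      10.0.0.5:48822      198.51.100.10:443
ESTAB  0      0      10.0.0.5:9999       192.168.50.7:60001
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (or '[v6addr]:port') into (ip_address, int port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def classify(ss_output, listen_port=ACTIVEGATE_PORT, allowed=ALLOWED_SOURCES):
    """Return (unknown inbound peers, outbound destinations) as Counters.

    A socket whose LOCAL port is the listener port was opened by the peer
    (inbound). Any other local port is a connection the host itself made.
    """
    inbound_unknown, outbound = Counter(), Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # skip the header and blank lines
        _, local_port = split_endpoint(fields[3])
        peer_ip, peer_port = split_endpoint(fields[4])
        if local_port == listen_port:
            if not any(peer_ip in net for net in allowed):
                inbound_unknown[str(peer_ip)] += 1
        else:
            outbound[f"{peer_ip}:{peer_port}"] += 1
    return inbound_unknown, outbound

if __name__ == "__main__":
    unknown, out = classify(SAMPLE_SS_OUTPUT)
    print("inbound peers outside allowed networks:", dict(unknown))
    print("connections initiated by this host:", dict(out))
```

Peers reported as unknown inbound are the ones a firewall rule restricting port 9999 to the allowed networks would drop.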