The security team of one of our customers informed us that they are detecting unrecognized incoming connections via IP 220.127.116.11 and 18.104.22.168 to a Dynatrace ActiveGate we are using with them; such connections are worrying this customer and they asked us if such IPs belong to the Dynatrace Clusters or Mission Control; we recognized the IP 22.214.171.124 but IP 126.96.36.199 does not seem to be listed anywhere, either in the documentation or in the Dynatrace UI. Does this IP belong to Dynatrace?
Is your environment ActiveGate port (defaults to 9999) publicly available from the internet?
ActiveGate has no control over what is trying to connect to it. If you wish to control it, you need to use firewall / iptables rules to manage this and allow communication only from your environment.
However, a valid token is required to pass communication further to Dynatrace Cluster through the ActiveGate. Each agent has this token in its configuration. So even if someone is able to establish a TCP connection to the gateway, it's useless without the token. (Unless someone is trying to do DDoS).
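The firewall restriction suggested in the reply above, sketched as an added example (not from the thread or from Dynatrace). It only prints the `iptables` commands for review and applies nothing; the chain name `ACTIVEGATE_IN`, the log prefix and the sample source addresses (documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example: emit iptables commands that limit the ActiveGate port
# to an allowlist of source addresses. Commands are printed, not applied.

AG_PORT="${AG_PORT:-9999}"   # default ActiveGate port named in the thread
AG_CHAIN="ACTIVEGATE_IN"     # hypothetical chain name

# Accept only a plain IPv4 address or IPv4 CIDR block (a.b.c.d[/0-32]).
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr               # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set for the given allowlist of sources.
gen_rules() {
    # An empty allowlist would drop every agent, so refuse it.
    [ "$#" -gt 0 ] || { echo "refusing to emit an empty allowlist" >&2; return 1; }
    # Validate everything first so a bad entry yields no partial rule set.
    for src in "$@"; do
        valid_cidr "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    echo "iptables -N $AG_CHAIN"
    for src in "$@"; do
        echo "iptables -A $AG_CHAIN -s $src -j ACCEPT"
    done
    # Rate-limited log of rejected sources, so the security team can see
    # who was knocking, then drop everything not on the allowlist.
    echo "iptables -A $AG_CHAIN -m limit --limit 6/min -j LOG --log-prefix \"ag-denied: \""
    echo "iptables -A $AG_CHAIN -j DROP"
    # Hook the chain in last, once it is complete.
    echo "iptables -I INPUT -p tcp --dport $AG_PORT -j $AG_CHAIN"
}

# Constructed sample allowlist (RFC 5737 documentation addresses).
gen_rules 192.0.2.0/24 198.51.100.7
```

Review the printed commands against the networks your agents actually connect from before running them as root.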