Imperva Cyber Community

  • 1.  MX DAM - try to connect suspicious IP

    Posted 06-22-2021 07:51
    Dear All,

    Could you tell me why IMPERVA MX (DAM) tries to connect to IP 172.67.214.234? It is Cloudflare.
    A colleague of mine informed me that his systems were being attacked from this address.

    regards,
    KAROL
    #DatabaseActivityMonitoring

    ------------------------------
    Karol Gruszczynski
    IT SECURITY EXPERT
    Warsaw
    ------------------------------


  • 2.  RE: MX DAM - try to connect suspicious IP

    Posted 06-25-2021 07:22

    Hi Karol,

    I may need a little more detail to help here...

    If it is an HTTP request, then capture it and maybe we can make sense of it based on the HTTP header.

    If it is an SSL encrypted request, then capture it and maybe we can make sense of it based on the TLS handshake.

    Thanks,



    ------------------------------
    Edwin Groothuis
    Escalation engineer
    Imperva
    Tel Aviv NSW
    ------------------------------