top | item 32054424

(no title)

skonteam | 3 years ago

Yeah, you are right probably someone behind the WARP vpn, i didn't know they allowed SSH trafic through that. What is surprising is that the IPs i am seeing do not match any of the ranges Cloudflare is publishing on that link (typically as sub range of 8.0.0.0/8).

discuss

johnklos|3 years ago

VPNs aren't supposed to block traffic, so there'd be no good reason to block ssh unless you suspect your clients are malicious.

As to why Cloudflare's 8.37.43.0/24, 8.39.18.0/24, 8.40.140.0/24 and 8.42.172.0/24 networks aren't on that page which purports to be the "definitive source of Cloudflare’s current IP ranges", all I can say is that Cloudflare has a long history of caring much more about the appearance of transparency than about actually being transparent. They make reporting any abuse very difficult, and they probably wouldn't care in the slightest that their customers are doing nefarious things.

eastdakota|3 years ago

That page is for the IPs that customers should whitelist as the source of traffic from our proxy services. These IPs are for Cloudflare WARP (our VPN-like app) and should not be whitelisted by customers in the same way. That's why they're not on that page.

zinekeller|3 years ago

Just checked, and you're right. Hmm, suspicious, although looking at RADB (https://www.radb.net/query?advanced_query=1&keywords=AS13335...) it seems that it routes more than that list.