The Danger of IP Volatility (Sat, Feb 15th)

What do I mean by “IP volatility”? Today, many organizations use cloud services and micro-services. In such environments, IP addresses assigned to virtual machines or services can often be volatile, meaning they can change or be reassigned to other organizations or users. This presents a risk for services relying on static IPs for security configurations and may introduce impersonation or data leakage issues.
This morning, I was setting up a new environment. I got a new IP address assigned by my hosting company and deployed a classic configuration: a reverse-proxy redirecting to many web services and generating Let’s Encrypt certificates.
Once the reverse proxy was in place, I started to deploy more services but detected some activity in the log (always keep an eye on your logs!) and saw this:
A quick DNS request confirmed that these hosts are resolving to my newly assigned IP!
Worse, this organization seems to still be using POP3, and a user (or a script) is still trying to fetch emails using this protocol!
Some tips:
- When you move to another hosting solution, update your DNS records
- Clean up your DNS zones and remove unwanted entries
- Use mechanisms to preserve your IP addresses (like “Elastic IPs” provided by AWS)
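One way to act on the first two tips, as an added example that is not part of the original diary: compare every address record in a zone export against the ranges you currently control and flag the rest, following CNAMEs inside the zone. The hostnames, addresses and ranges are constructed sample data from documentation address space, and the simplified five-field record layout is an assumption.

```python
import ipaddress

# Constructed sample data: a simplified zone export ("name TTL IN type value")
# and the ranges the organization currently controls (documentation address space).
ZONE = """\
www.example.org.   300 IN A     192.0.2.10
pop.example.org.   300 IN A     198.51.100.25
mail.example.org.  300 IN CNAME pop.example.org.
old.example.org.   300 IN AAAA  2001:db8:dead::1
api.example.org.   300 IN A     192.0.2.77
; comment lines and blanks are ignored
"""
OWNED = ["192.0.2.0/24", "2001:db8:1::/48"]


def parse_zone(text):
    """Return (addresses, cnames) parsed from simplified zone lines."""
    addrs, cnames = {}, {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) != 5 or fields[2].upper() != "IN":
            continue
        name, rtype, value = fields[0].lower(), fields[3].upper(), fields[4]
        if rtype in ("A", "AAAA"):
            addrs.setdefault(name, []).append(ipaddress.ip_address(value))
        elif rtype == "CNAME":
            cnames[name] = value.lower()
    return addrs, cnames


def find_dangling(zone_text, owned_cidrs):
    """List (name, ip) pairs whose address is outside every owned range."""
    nets = [ipaddress.ip_network(c) for c in owned_cidrs]
    addrs, cnames = parse_zone(zone_text)
    findings = []
    for name in sorted(set(addrs) | set(cnames)):
        target, seen = name, set()
        while target in cnames and target not in seen:  # follow in-zone CNAMEs
            seen.add(target)
            target = cnames[target]
        for ip in addrs.get(target, []):
            if not any(ip.version == n.version and ip in n for n in nets):
                findings.append((name, str(ip)))
    return findings


if __name__ == "__main__":
    for name, ip in find_dangling(ZONE, OWNED):
        print(f"DANGLING {name} -> {ip} (not in an owned range)")
```

Records flagged this way are candidates for removal or repointing before the old address is released back to the provider.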
Xavier Mertens (@xme)
Xameco
Senior ISC Handler – Freelance Cyber Security Consultant
Published at Sat, 15 Feb 2025 07:22:45 +0000