I know I know, this looks like a very clickbait-y title but ear me out:
(it is not anymore, don’t want to pursue any kind of stereotype)
I’ve set up a container lately that’s open to the internet. Is secured and it’s reachable to a different port from the default the service uses. But I’ve seen in the container logs appearing these connections:
<W>2021-03-11 13:08:38.725 1 => <6:(-1)> New connection: 92.63.197.18:58910
<W>2021-03-11 13:08:38.737 1 => <6:(-1)> Connection closed: Error during SSL handshake: error:1408F10B:SSL routines:ssl3_get_record:wrong version number [13]
<W>2021-03-11 13:08:38.833 1 => <7:(-1)> New connection:
92.63.197.18:34938
<W>2021-03-11 13:08:38.846 1 => <7:(-1)> Connection closed: Error
during SSL handshake: error:1408F10B:SSL
routines:ssl3_get_record:wrong version number [13]
<W>2021-03-11 13:47:34.826 1 => <8:(-1)> New connection:
92.63.197.12:58166
<W>2021-03-11 13:47:34.846 1 => <8:(-1)> Connection closed: Error
during SSL handshake: error:1408F10B:SSL
routines:ssl3_get_record:wrong version number [13]
<W>2021-03-11 13:47:34.941 1 => <9:(-1)> New connection:
92.63.197.12:44180
<W>2021-03-11 13:47:34.961 1 => <9:(-1)> Connection closed: Error
during SSL handshake: error:1408F10B:SSL
routines:ssl3_get_record:wrong version number [13]
<W>2021-03-11 14:37:34.546 1 => <10:(-1)> New connection:
92.63.197.16:41824
<W>2021-03-11 14:37:34.558 1 => <10:(-1)> Connection closed: Error
during SSL handshake: error:1408F10B:SSL
routines:ssl3_get_record:wrong version number [13]
<W>2021-03-11 14:37:34.654 1 => <11:(-1)> New connection:
92.63.197.16:42908
<W>2021-03-11 14:37:34.668 1 => <11:(-1)> Connection closed: Error
during SSL handshake: error:1408F10B:SSL
routines:ssl3_get_record:wrong version number [13]
<W>2021-03-11 15:17:31.319 1 => <12:(-1)> New connection:
185.156.73.31:59664
<W>2021-03-11 15:17:31.332 1 => <12:(-1)> Connection closed: Error
during SSL handshake: error:1408F10B:SSL
routines:ssl3_get_record:wrong version number [13]
<W>2021-03-11 15:17:31.427 1 => <13:(-1)> New connection:
185.156.73.31:60924
<W>2021-03-11 15:17:31.443 1 => <13:(-1)> Connection closed: Error
during SSL handshake: error:1408F10B:SSL
routines:ssl3_get_record:wrong version number [13]
<W>2021-03-11 15:44:45.393 1 => <14:(-1)> New connection:
92.63.197.9:48518
<W>2021-03-11 15:44:45.414 1 => <14:(-1)> Connection closed: Error
during SSL handshake: error:1408F10B:SSL
routines:ssl3_get_record:wrong version number [13]
<W>2021-03-11 15:44:45.506 1 => <15:(-1)> New connection:
92.63.197.9:49666
<W>2021-03-11 15:44:45.518 1 => <15:(-1)> Connection closed: Error during SSL handshake: error:1408F10B:SSL routines:ssl3_get_record:wrong version number [13]
<W>2021-03-12 02:28:14.212 1 => <16:(-1)> New connection: 45.93.201.126:63058
<W>2021-03-12 02:28:14.227 1 => <16:(-1)> Connection closed: Error during SSL handshake: error:1408F10B:SSL routines:ssl3_get_record:wrong version number [13]
<W>2021-03-12 06:43:45.692 1 => <17:(-1)> New connection: 45.93.201.126:63726
<W>2021-03-12 06:43:45.708 1 => <17:(-1)> Connection closed: Error during SSL handshake: error:1408F10B:SSL routines:ssl3_get_record:wrong version number [13]
<W>2021-03-12 19:51:17.956 1 => <2:(-1)> New connection: 185.156.72.10:61866
<W>2021-03-12 19:51:17.972 1 => <2:(-1)> Connection closed: Error during SSL handshake: error:1408F10B:SSL routines:ssl3_get_record:wrong version number [13]
I tried to look into what these IP are but they’re surely spoofed in some way because a couple services I looked at pointed them to different sources.
Now coming to the big question: should I be worried? Should I get a new DNS name?