This is kind of a weird question, but no search can help me figure it out so here it goes:
I have an on-premise GitLab CE setup, version 12.5.0.
I have a basic setup, no internet related outgoing or ingoing services.
I also disabled the update check via the WebUI.
Anyways the instance tries to connect to the following IPs roughly every 10 minutes:
- 35.241.23.245
- 23.111.9.35
- 35.226.123.231
Has anyone any idea what this could be?
Update:
- The IP 35.241.23.245 terminates at grafana.com
- The IP 23.111.9.35 seems to be related to some Debian security service
Hi, first thanks for your help! I went ahead and did a packet capture and as of now it seems like I could identify one IP to be related to some Debian functionality which I don't happen to know of. It sounds security related, but could also be the package popularity report. I will keep this question open for now until I have an answer myself or someone has input on this. – Thorian93 – 2019-12-02T07:52:21.127
Apt updates cannot be the cause as I configured a proxy for them. I also configured the proxy for `wget` and `git`, that's why I headed here to ask this awesome community for ideas. – Thorian93 – 2019-12-02T08:34:29.410
We found out that one of those IPs is associated with grafana.com although there is no Grafana instance on that server. Is it possible that GitLab is doing those requests through HTTPS to grafana.com? – Thorian93 – 2019-12-05T15:33:50.953
I marked your question as correct answer, as you gave a good guidance on how to search and it actually helped narrow down the issue. Also there is no other candidate. :) Thanks! – Thorian93 – 2019-12-09T08:35:44.270
Hm, I think I am gonna wait for the related question and if I can figure the whole thing out I might provide information if it seems useful. Until then I think your answer is good guidance for everyone in a similar situation. – Thorian93 – 2019-12-09T08:58:34.450