The Danger of IP Volatility

What do I mean by “IP volatility”? Today, many organizations use cloud services and micro-services. In such environments, IP addresses assigned to virtual machines or services can often be volatile, meaning they can change or be reassigned to other organizations or users. This presents a risk for services relying on static IPs for security configurations and may introduce impersonation or data leakage issues.

This morning, I was setting up a new environment. I got a new IP address assigned by my hosting company and deployed a classic configuration: a reverse-proxy redirecting to many web services and generating Let’s Encrypt certificates.

Once the reverse proxy was in place, I started to deploy more services but detected some activity in the log (always keep an eye on your logs!) and saw this:


{"level":"debug","time":"2025-02-15T06:22:33Z","caller":"github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228","message":"Serving default certificate for request: \"postmaster.xxxxxxxx.hu\""}
{"level":"debug","time":"2025-02-15T06:46:36Z","caller":"github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228","message":"Serving default certificate for request: \"pop3.xxxxxxxx.hu\""}
{"level":"debug","time":"2025-02-15T07:04:16Z","caller":"github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228","message":"Serving default certificate for request: \"xxxxxxxx.hu\""}

A quick DNS request confirmed that these hosts are resolving to my newly assigned IP!

Worse, this organization seems to still be using POP3, and a user (or a script) is still trying to fetch emails using this protocol!
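An added example (not code from the original post or from the Traefik project): a small Python filter that extracts the requested names from Traefik debug lines like the ones above and summarizes those that fall outside your own domains. The sample log entries and the `mydomain.example` and `previous-tenant.example` names are constructed placeholders.

```python
import json
import re

# Message text as it appears in the Traefik debug lines quoted above.
DEFAULT_CERT = re.compile(r'^Serving default certificate for request: "([^"]*)"$')

def is_own(host, own_domains):
    """True when host is one of our (lowercase) domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in own_domains)

def foreign_sni(log_lines, own_domains):
    """Map each requested name outside own_domains to its hit count and
    first/last timestamp (ISO 8601 UTC strings sort chronologically)."""
    seen = {}
    for line in log_lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # ignore non-JSON lines mixed into the log
        if not isinstance(entry, dict):
            continue
        match = DEFAULT_CERT.match(str(entry.get("message", "")))
        if not match:
            continue
        host = match.group(1).lower().rstrip(".")
        if not host or is_own(host, own_domains):
            continue  # our own names can hit the default cert too
        ts = str(entry.get("time", ""))
        rec = seen.setdefault(host, {"count": 0, "first": ts, "last": ts})
        rec["count"] += 1
        rec["first"], rec["last"] = min(rec["first"], ts), max(rec["last"], ts)
    return seen

def _line(ts, msg):
    return json.dumps({"level": "debug", "time": ts, "message": msg})

# Constructed sample input; hostnames are placeholders, not from the post.
SAMPLE_LOG = [
    _line("2025-02-15T06:22:33Z", 'Serving default certificate for request: "postmaster.previous-tenant.example"'),
    _line("2025-02-15T06:46:36Z", 'Serving default certificate for request: "pop3.previous-tenant.example"'),
    _line("2025-02-15T06:50:00Z", 'Serving default certificate for request: "app.mydomain.example"'),
    _line("2025-02-15T07:04:16Z", 'Serving default certificate for request: "POP3.previous-tenant.example"'),
    _line("2025-02-15T07:05:00Z", "Some other debug message"),
    "plain text line that is not JSON",
]

if __name__ == "__main__":
    for host, rec in sorted(foreign_sni(SAMPLE_LOG, {"mydomain.example"}).items()):
        print(f'{host}: {rec["count"]} hit(s), {rec["first"]} to {rec["last"]}')
```
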

Some tips:

  • When you move to another hosting solution, update your DNS records
  • Clean up your DNS zones and remove unwanted entries
  • Use mechanisms to preserve your IP addresses (like “Elastic IPs” provided by AWS)

Xavier Mertens (@xme)

Xameco

Senior ISC Handler – Freelance Cyber Security Consultant
