[Solved] Unusual traffic from my Plex server to some Linode hosted server in UK

Ricka23 · January 31, 2019, 12:42pm

I’m running the latest official Plex docker image and my IDS just alerted on some SSH traffic over port 443 as a proxy evasion attempt. The destination ip address of the SSH traffic is 178.79.142.46. According to Shodan, this server is hosting an openSSH service on port 443.

Is this normal Plex traffic?

frederick.grayson · February 1, 2019, 12:53am

See:

https://www.google.com/search?source=hp&ei=7ZdTXOHoFKnLjgTN3afwBw&q=plex+members+linode&oq=plex+linode&gs_l=psy-ab.1.2.0j0i22i30l2.1322.4580…7976…0.0…0.256.1350.4j7j1…0…1…gws-wiz…0…35i39j0i131.X9CFGD0kHgU

Ricka23 · February 1, 2019, 8:41am

Turned out to be an ssh tunnel Plex uses for their Relay feature. I understand why this is done over port 443 and not 22. If this is documented somewhere, I couldn’t find it.

system · May 2, 2019, 8:49am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Suspicious connections from Plex to the internet Desktops & Laptops server-linux	3	221	April 20, 2020
SSH stops when PlexConnect running Apps & Creations	6	63	December 21, 2019
Was Plex hacked or is it just full of adware/spam? General Discussions	12	371	November 1, 2022
SSH tunnel to Plex server worked for players the other day, now it won't. Why? Plex Players android-mobile-legacy , roku	13	187	March 23, 2021
What tcp connections does Plex maintain? Desktops & Laptops server-linux	2	287	August 8, 2019

[Solved] Unusual traffic from my Plex server to some Linode hosted server in UK

Related topics