Log-In attempts seen in the logs - is this malicious vs Config issues?

I got my RPi3 back up and running after a few weeks due to SD card issues.
Now I’m getting notifications in the logs saying “Login attempt or request with invalid authentication from 172.30.33.3”.
I’m not network savvy.
However, I tried to do an IP lookup, and the WHOIS IP lookup tool says:
Source: whois.arin.net
IP Address: 172.30.33.3
Name: PRIVATE-ADDRESS-BBLK-RFC1918-IANA-RESERVED
Handle: NET-172-16-0-0-1
Registration Date: 3/15/94
Range: 172.16.0.0-172.31.255.255
Org: Internet Assigned Numbers Authority
Org Handle: IANA
Address: 12025 Waterfront Drive
Suite 300
City: Los Angeles
State/Province: CA
Postal Code: 90292
Country: United States

Does this appear to be a malicious player, or a web crawler who found my internet instance because I have a 443 to 443 forwarded port to use the DuckDNS for remote access? There have been multiple instances from that IP address attempting to log on per the log.
I don’t recall ever having this issue previously.
I am password protected.
Should I try to block this IP address at the router level?
I see the physical address above in LA is the same building as ICANN.
Other forum posts have similar issues with invalid login from 172.30.33.0.
It was thought perhaps NGINX (which I am using) and DuckDNS perhaps caused this.
Any guidance is appreciated.
Thanks for your help

UPDATE
More searching on the forums shows that the 172.30.33.0 is the docker IP address.
So the question is why am I getting this error? Any ideas how to prevent it?

Real quick test: disable the 443/8123 port forward and see if the logins continue. That should help put your mind at rest a little bit that it’s not something outside trying to log in.

I’m afraid I don’t know enough about docker and its networking to advise any further than that.

1 Like

Those IP addresses are the docker container. Just ignore them.

2 Likes
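
An added example (not written by anyone in this thread): a small Python triage of the failed-login log lines that separates container-network and RFC 1918 sources from publicly routable ones. The message text is the one quoted in the first post; the timestamp prefix, the sample lines, and treating 172.30.33.0/24 as the Docker network are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Message text as quoted in the first post; anything before it on the line is ignored.
PATTERN = re.compile(r"Login attempt or request with invalid authentication from (\S+)")

# Assumption: the /24 around the address seen in the thread is the local Docker network.
DOCKER_NET = ipaddress.ip_network("172.30.33.0/24")
# The three RFC 1918 private blocks (the WHOIS range in the post is the second one).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log lines (203.0.113.0/24 is a documentation range).
SAMPLE_LOG = """\
2019-01-05 10:01:12 WARNING Login attempt or request with invalid authentication from 172.30.33.3
2019-01-05 10:01:40 WARNING Login attempt or request with invalid authentication from 172.30.33.3
2019-01-05 10:03:02 WARNING Login attempt or request with invalid authentication from 192.168.1.23
2019-01-05 10:07:55 WARNING Login attempt or request with invalid authentication from 203.0.113.7
2019-01-05 10:09:10 INFO Some unrelated line
"""

def classify(addr):
    """Return 'docker', 'rfc1918', 'external' or 'unparsed' for a logged source."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unparsed"
    if ip in DOCKER_NET:
        return "docker"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "external"

def triage(log_text):
    """Count failed-login lines per (source address, classification)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if m:
            counts[(m.group(1), classify(m.group(1)))] += 1
    return counts

def external_sources(log_text):
    """Sources that are publicly routable and worth a closer look."""
    return sorted(ip for (ip, kind) in triage(log_text) if kind == "external")

if __name__ == "__main__":
    for (ip, kind), n in triage(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {ip:<15}  {kind}")
```

A `docker` or `rfc1918` row names only the immediate peer on the local side, which may be a proxy container relaying the request, so it does not by itself show where the request originated.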