So I have both a Canary and a security device called Cujo. Yesterday, for some reason, it started blocking the Canary from accessing a multiple of different IP’s, a wide range of them, usually on port 80 and port 443. What I’m trying to determine is are these IP’s it is blocking actually part of the Canary service, or has the Canary device been hijacked and is being used as a proxy for network attacks. Are there a list of the IP’s that Canary uses to run the service?
We had another user alert us today about Cujo blocking his Canary. The blocked IP address that the user provided is a valid Canary server IP, so I suspect you’ve encountered something similar.
Because we dynamically manage our servers based on load, there is not a fixed set of IP addresses Canary uses. However, if you whitelist *.canaryis.com and *.canary.is that should cover everything.
Thanks! That will do it.