Zerotier linux clients, many, generating 172.17.0.1 destination traffic externally

Hi all, I’ve been using zerotier a long time now, and lately, using better log analysis, I have been noticing a lot of bogon-ish traffic generated by multiple clients with the destination of 172.17.0.1. Looking a bit closer, I realized it was all zerotier ports (udp/9993), and it seems to be attempting to be used like the upstream controllers, but I have no idea why it would do this.

All my clients doing this using zerotier are linux except the firewall using freebsd, but is there something oddly hardcoded in the zerotier client stack for *nix’s to make it really want to talk to 172.17.0.1? I have never used 172.17/16 or any of the 172.16/12 here, and in fact began null routing the traffic as there was such volume of it being generated by all my linux clients.

I did briefly test my android connecting and don’t see that 172.17.0.1 traffic with it, seems something with the *nix clients. I noticed this and investigated as finally I saw it still transmitted to the internet even with lan filters, mostly because the firewall self-traffic bypasses the rules, had to null route it finally…

Anyone else seeing this with linux or bsd clients?
