I am running a single-node instance of HiveMQ CE on Ubuntu 18.04 for a production system that is open to the internet on a non-standard MQTT port. Periodically (2-4 times per day, for about 10-30 minutes) I see a large number of messages in event.log identical to the following:
[TIMESTAMP] - Client ID: UNKNOWN, IP: UNKNOWN disconnected ungracefully.
I see the CPU usage of our machine climb steadily during this period, as well as the rate of DISCONNECT messages (although our 15k+ clients stay connected at a normal level). I have not found any relevant information anywhere on the web, and without a ClientID or source IP address, I’m not sure how to trace where this traffic is coming from.
Is it possible that someone is discovering our server with a port-scanning tool? Do I have a configuration parameter set incorrectly?
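One way to turn these event.log lines into burst windows that can then be lined up against firewall or connection logs for the MQTT port, since the log line itself carries no address. This is an added example, not part of the original post and not HiveMQ code; the timestamp layout, the threshold and the sample lines are assumptions constructed for illustration.

```python
import re
import sys
from collections import Counter
from datetime import datetime, timedelta

# Assumption: timestamps look like "YYYY-MM-DD HH:MM:SS,mmm"; the post only
# shows "[TIMESTAMP]", so adjust the pattern to match the real file.
LINE_RE = re.compile(
    r"^(?P<minute>\d{4}-\d{2}-\d{2} \d{2}:\d{2}):\d{2},\d{3} - "
    r"Client ID: UNKNOWN, IP: UNKNOWN disconnected ungracefully\.\s*$"
)

def unknown_per_minute(lines):
    """Count anonymous ungraceful disconnects, bucketed by minute."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            counts[datetime.strptime(m.group("minute"), "%Y-%m-%d %H:%M")] += 1
    return counts

def burst_windows(counts, threshold=3, max_gap=timedelta(minutes=1)):
    """Merge adjacent minutes at or above threshold into (start, end, total)."""
    windows = []
    for minute in sorted(m for m, n in counts.items() if n >= threshold):
        if windows and minute - windows[-1][1] <= max_gap:
            start, _, total = windows[-1]
            windows[-1] = (start, minute, total + counts[minute])
        else:
            windows.append((minute, minute, counts[minute]))
    return windows

def _line(ts, who="Client ID: UNKNOWN, IP: UNKNOWN"):
    return f"{ts} - {who} disconnected ungracefully."

# Constructed sample: two bursts, one identified client, one stray event.
SAMPLE = (
    [_line(f"2020-01-01 03:10:{s:02d},000") for s in (1, 2, 3)]
    + [_line(f"2020-01-01 03:11:{s:02d},500") for s in (5, 6, 7, 8)]
    + [_line("2020-01-01 03:11:30,000", "Client ID: sensor-1, IP: 192.0.2.10")]
    + [_line("2020-01-01 03:30:00,000")]
    + [_line(f"2020-01-01 09:45:{s:02d},250") for s in (10, 20, 30)]
)

if __name__ == "__main__":
    # Pass the path to event.log as the first argument, or run on the sample.
    lines = open(sys.argv[1], encoding="utf-8") if len(sys.argv) > 1 else SAMPLE
    for start, end, total in burst_windows(unknown_per_minute(lines)):
        print(f"{start:%Y-%m-%d %H:%M} to {end:%H:%M}  {total} anonymous disconnects")
```

On a real log the threshold needs to be raised well above the sample value of 3 so that only the periodic bursts are reported.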