找回密码
 立即注册
CeraNetworksBGVM服务器主机交流会员请立即修改密码Sharktech防护
查看: 44|回复: 5

用hetzner的瞧瞧看德国联邦给我发消息了

[复制链接]

5

主题

16

回帖

115

积分

注册会员

积分
115
发表于 2018-4-12 01:26:26 | 显示全部楼层 |阅读模式
本帖最后由 alan_1019 于 2018-4-12 01:29 编辑



我个龟龟哎,刚刚收到消息吓一跳因为又干啥子了~~要封机了~~结果没事只是警告一下,看你们拿hetzner去开站的mjj最好小心点



我是特价杜普

以下是邮件原文,部分内容以删:
[ol]
  • We received a security alert from the German Federal Office for Information Security (BSI).
  • Please see the original report included below for details.
  • Please investigate and solve the reported issue.
  • It is not required that you reply to either us or the BSI.
  • If the issue has been fixed successfully, you should not receive any further notifications.
  • Do not reply  as this is just the sender address for the
  • reports and messages sent to this address will not be read.
  • Kind regards
  • Abuse team
  • On 11 Apr 16:23, * wrote:
  • > Dear Sir or Madam,
  • >
  • > the Portmapper service (portmap, rpcbind) is required for mapping RPC
  • > requests to a network service. The Portmapper service is needed e.g.
  • > for mounting network shares using the Network File System (NFS).
  • > The Portmapper service runs on port 111 tcp/udp.
  • >
  • > In addition to being abused for DDoS reflection attacks, the
  • > Portmapper service can be used by attackers to obtain information
  • > on the target network like available RPC services or network shares.
  • >
  • > Over the past months, systems responding to Portmapper requests from
  • > anywhere on the Internet have been increasingly abused DDoS reflection
  • > attacks against third parties.
  • >
  • > Affected systems on your network:
  • >
  • > Format: ASN | IP | Timestamp (UTC) | RPC response
  • >  24940 | 略 | 2018-04-10 04:10:47 | 100000 2 111/udp; 100000 2 111/udp; 100024 1 43825/udp; 100024 1 44865/udp;
  • >
  • > We would like to ask you to check this issue and take appropriate
  • > steps to secure the Portmapper services on the affected systems or
  • > notify your customers accordingly.
  • >
  • > If you have recently solved the issue but received this notification
  • > again, please note the timestamp included below. You should not
  • > receive any further notifications with timestamps after the issue
  • > has been solved.
  • >
  • > Additional information on this notification, advice on how to fix
  • > reported issues and answers to frequently asked questions:
  • >  
  • > This message is digitally signed using PGP.
  • > Information on the signature key is available at:
  • > [/ol]复制代码
    顺便看看这是多大的量看不明白~

  • 回复

    使用道具 举报

    49

    主题

    926

    回帖

    3169

    积分

    论坛元老

    积分
    3169
    发表于 2018-4-12 01:31:21 | 显示全部楼层
    是你的机器被利用作反射攻击了.
    111 NFS portmap端口.
    回复

    使用道具 举报

    5

    主题

    16

    回帖

    115

    积分

    注册会员

    积分
    115
     楼主| 发表于 2018-4-12 01:33:49 | 显示全部楼层

    domin 发表于 2018-4-12 01:31

    是你的机器被利用作反射攻击了.
    111 NFS portmap端口.



    原来如此有什么防护方法?直接封端口?
    回复

    使用道具 举报

    49

    主题

    926

    回帖

    3169

    积分

    论坛元老

    积分
    3169
    发表于 2018-4-12 01:31:00 | 显示全部楼层
    嗯. 封端口
    UDP 111
    回复

    使用道具 举报

    24

    主题

    609

    回帖

    2105

    积分

    金牌会员

    积分
    2105
    发表于 2018-4-12 01:35:31 | 显示全部楼层
    /etc/init.d/rpcbind* stop
    回复

    使用道具 举报

    133

    主题

    2030

    回帖

    7120

    积分

    论坛元老

    积分
    7120
    发表于 2018-4-12 04:08:41 | 显示全部楼层
    自己的问题,禁用想关服务,封上端口就完了
    回复

    使用道具 举报

    您需要登录后才可以回帖 登录 | 立即注册

    本版积分规则

    Archiver|手机版|小黑屋|HS2V主机综合交流论坛

    GMT+8, 2024-11-2 11:25 , Processed in 1.121081 second(s), 4 queries , Gzip On, Redis On.

    Powered by Discuz! X3.5 |   访问量:   |   访客量:  

    © 2001-2024 Discuz! Team. |   今日访问量:    |   今日访客量:  

    快速回复 返回顶部 返回列表