用hetzner的瞧瞧看德国联邦给我发消息了

alan_1019

本帖最后由 alan_1019 于 2018-4-12 01:29 编辑



我个龟龟哎，刚刚收到消息吓一跳因为又干啥子了~~要封机了~~结果没事只是警告一下，看你们拿hetzner去开站的mjj最好小心点



我是特价杜普

以下是邮件原文，部分内容以删：
[ol]

We received a security alert from the German Federal Office for Information Security (BSI).

Please see the original report included below for details.

Please investigate and solve the reported issue.

It is not required that you reply to either us or the BSI.

If the issue has been fixed successfully, you should not receive any further notifications.

Do not reply  as this is just the sender address for the

reports and messages sent to this address will not be read.

Kind regards

Abuse team

On 11 Apr 16:23, * wrote:

> Dear Sir or Madam,

>

> the Portmapper service (portmap, rpcbind) is required for mapping RPC

> requests to a network service. The Portmapper service is needed e.g.

> for mounting network shares using the Network File System (NFS).

> The Portmapper service runs on port 111 tcp/udp.

>

> In addition to being abused for DDoS reflection attacks, the

> Portmapper service can be used by attackers to obtain information

> on the target network like available RPC services or network shares.

>

> Over the past months, systems responding to Portmapper requests from

> anywhere on the Internet have been increasingly abused DDoS reflection

> attacks against third parties.

>

> Affected systems on your network:

>

> Format: ASN | IP | Timestamp (UTC) | RPC response

>  24940 | 略 | 2018-04-10 04:10:47 | 100000 2 111/udp; 100000 2 111/udp; 100024 1 43825/udp; 100024 1 44865/udp;

>

> We would like to ask you to check this issue and take appropriate

> steps to secure the Portmapper services on the affected systems or

> notify your customers accordingly.

>

> If you have recently solved the issue but received this notification

> again, please note the timestamp included below. You should not

> receive any further notifications with timestamps after the issue

> has been solved.

>

> Additional information on this notification, advice on how to fix

> reported issues and answers to frequently asked questions:

>  

> This message is digitally signed using PGP.

> Information on the signature key is available at:

> [/ol]复制代码
顺便看看这是多大的量看不明白~

domin

是你的机器被利用作反射攻击了.
111 NFS portmap端口.

alan_1019

domin 发表于 2018-4-12 01:31

是你的机器被利用作反射攻击了.
111 NFS portmap端口.


原来如此有什么防护方法？直接封端口？

domin

嗯. 封端口
UDP 111

funders

/etc/init.d/rpcbind* stop

tomcb

自己的问题，禁用想关服务，封上端口就完了