用hetzner的瞧瞧看德国联邦给我发消息了

alan_1019

我个龟龟哎，刚刚收到消息吓一跳因为又干啥子了~~要封机了~~结果没事只是警告一下，看你们拿hetzner去开站的mjj最好小心点

我是特价杜普

以下是邮件原文，部分内容以删：

1. We received a security alert from the German Federal Office for Information Security (BSI).
   
2. Please see the original report included below for details.
   
3. 
   
4. Please investigate and solve the reported issue.
   
5. It is not required that you reply to either us or the BSI.
   
6. If the issue has been fixed successfully, you should not receive any further notifications.
   
7. 
   
8. Do not reply  as this is just the sender address for the
   
9. reports and messages sent to this address will not be read.
   
10. 
    
11. Kind regards
    
12. 
    
13. Abuse team
    
14. 
    
15. On 11 Apr 16:23, * wrote:
    
16. > Dear Sir or Madam,
    
17. >
    
18. > the Portmapper service (portmap, rpcbind) is required for mapping RPC
    
19. > requests to a network service. The Portmapper service is needed e.g.
    
20. > for mounting network shares using the Network File System (NFS).
    
21. > The Portmapper service runs on port 111 tcp/udp.
    
22. >
    
23. > In addition to being abused for DDoS reflection attacks, the
    
24. > Portmapper service can be used by attackers to obtain information
    
25. > on the target network like available RPC services or network shares.
    
26. >
    
27. > Over the past months, systems responding to Portmapper requests from
    
28. > anywhere on the Internet have been increasingly abused DDoS reflection
    
29. > attacks against third parties.
    
30. >
    
31. > Affected systems on your network:
    
32. >
    
33. > Format: ASN | IP | Timestamp (UTC) | RPC response
    
34. >  24940 | 略 | 2018-04-10 04:10:47 | 100000 2 111/udp; 100000 2 111/udp; 100024 1 43825/udp; 100024 1 44865/udp;
    
35. >
    
36. > We would like to ask you to check this issue and take appropriate
    
37. > steps to secure the Portmapper services on the affected systems or
    
38. > notify your customers accordingly.
    
39. >
    
40. > If you have recently solved the issue but received this notification
    
41. > again, please note the timestamp included below. You should not
    
42. > receive any further notifications with timestamps after the issue
    
43. > has been solved.
    
44. >
    
45. > Additional information on this notification, advice on how to fix
    
46. > reported issues and answers to frequently asked questions:
    
47. > <https://reports.cert-bund.de/en/&gt;
    
48. >
    
49. > This message is digitally signed using PGP.
    
50. > Information on the signature key is available at:
    
51. >

复制代码

顺便看看这是多大的量看不明白~

domin

是你的机器被利用作反射攻击了.
111 NFS portmap端口.

alan_1019

domin 发表于 2018-4-12 01:31
是你的机器被利用作反射攻击了.
111 NFS portmap端口.

原来如此有什么防护方法？直接封端口？

domin

嗯. 封端口
UDP 111

funders

/etc/init.d/rpcbind* stop

tomcb

自己的问题，禁用想关服务，封上端口就完了