Mail from the German Federal Office for Information Security (BSI)

kyile   
   Views 1622   Recommends 0


Well.. it is an embarrassing thing, but I still want to share it and hear how others handle this.


I keep personal data in Germany. I put Proxmox on a server with many hard drives, but I was far too complacent about security.

I closed every port except the ones in use and put TOTP on the GUI, but

with a "future me will take care of it" mindset I was not using SSH keys, and I had not even set up fail2ban.

After the mail below arrived, I closed port 111 as mentioned in the mail, and when I looked at syslog, attempts were pouring in so massively that the GUI was stuttering..

After installing and configuring fail2ban right away, for now what shows up in syslog has gone quiet apart from the cronjob.

While setting up SSH keys, I am also seeing brute force against the SSH key login, which makes my head spin.

I am asking in case there is anything you could suggest.

Thanks in advance.

-----------

Here is the current state of the Proxmox server.
- Using the firewall provided by the hosting company, all ports not in use are closed
  - Rules Incoming
    - ipv4 icmp accept
    - ipv4 tcp dst:8006,5900 accept
    - ipv4 tcp dst:32768-65535 ack accept
    - ipv4 udp src:53,123 accept
    - ipv4 udp src:41641 accept
    - ipv4 tcp dst:2222 accept
  - Rules outgoing
    - ipv4 tcp dst:25,465 discard
    - ipv4 tcp,udp dst:111 discard
    - ipv4 tcp allow all accept
- 1 public IP; root access over SSH blocked; TOTP in use on the GUI
- TrueNAS running in one VM.
  - Tailscale in use on TrueNAS
- The VM's network is NATed via iptables in the host's interfaces file.
  - From TrueNAS, rclone goes over SFTP to the secondary backup destination.

+ Since I connect from a dynamic-IP environment, restricting access by source IP looked risky, so I have not done that.

-----------

The email below arrived about 3 hours ago.

-----------

The following email body is the mail sent by the hosting company
------------

We have received a notification from the German Federal Office for Information Security (BSI) for (the IP address of) a server you have with us. We are automatically forwarding this notification on to you, for your information.

The original report has been included below. Additional information is provided with the how-to guides referenced in the report. Please note that we do not have any further information to share.

These notifications do not mean your server was involved in any abusive activity. They are simply alerting you to a potential issue on your server, that could be exploited, and that is usually fairly easy to secure.

You do not need to send us, or the BSI, a response.

In case of further questions, please contact ********@***.bund.de and keep the ticket number of the original report [CB-Report#...] in the subject line. Do not reply to <*******@*******.cert-bund.de> as this is just the sender address for the reports and messages sent to this address will not be read.

Kind regards

Abuse Team

-----------

Below is the BSI mail that came attached to that email
------------

> Dear Sir or Madam,

> the Portmapper service (portmap, rpcbind) is required for mapping RPC
> requests to a network service. The Portmapper service is needed e.g.
> for mounting network shares using the Network File System (NFS).
> The Portmapper service runs on port 111 tcp/udp.

> In addition to being abused for DDoS reflection attacks, the
> Portmapper service can be used by attackers to obtain information
> on the target network like available RPC services or network shares.

> Over the past months, systems responding to Portmapper requests from
> anywhere on the Internet have been increasingly abused for DDoS reflection
> attacks against third parties.

> Please find below a list of affected systems hosted on your network.
> The timestamp (timezone UTC) indicates when the openly accessible
> Portmapper service was identified.

> We would like to ask you to check this issue and take appropriate
> steps to secure the Portmapper services on the affected systems or
> notify your customers accordingly.

> If you have recently solved the issue but received this notification
> again, please note the timestamp included below. You should not
> receive any further notifications with timestamps after the issue
> has been solved.

> Additional information on this notification, advice on how to fix
> reported issues and answers to frequently asked questions:

> <https://reports.cert-bund.de/en/>

> This message is digitally signed using PGP.
> Information on the signature key is available at:
> <https://reports.cert-bund.de/en/digital-signature>

> Please note:
> This is an automatically generated message. Replies to the
> sender address <*******@*******.cert-bund.de> will NOT be read
> but silently be discarded. In case of questions, please contact
> <********@***.bund.de> and keep the ticket number [CB-Report#...]
> of this message in the subject line.

> Affected systems on your network:
> Format: ASN | IP | Timestamp (UTC) | RPC response
> 24940 | [removed: this is the server's public IP] | 2024-02-27 03:01:18 | 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp;

> Mit freundlichen Grüßen / Kind regards
> Team CERT-Bund
> Bundesamt für Sicherheit in der Informationstechnik
> Federal Office for Information Security (BSI)
> Referat OC22 - CERT-Bund
> Godesberger Allee 87, 53175 Bonn, Germany

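The report quoted above is machine-generated in a fixed format, and the two things a defender wants from it are (a) to read it without eyeballing the repeated `100000 N 111/udp` entries and (b) to verify afterwards that rpcbind is really no longer bound to a public address, rather than only screened by the hosting company's firewall. The following is an added example written for this post; it is not code from kyile, from the hoster or from CERT-Bund. It parses the `ASN | IP | Timestamp (UTC) | RPC response` line exactly as the report spells it, flags the UDP case (the one that makes the host usable as a DDoS reflector), and parses `ss -lnup`-style output to list port-111 sockets that are not on loopback. The sample report line and the `ss` output are constructed; `192.0.2.10` is a documentation address standing in for the redacted server IP.

```python
"""Added example, not code from the original post or from CERT-Bund.
Parses a CERT-Bund Portmapper report line and checks `ss -lnup`-style
output for rpcbind sockets still bound to a non-loopback address.
All sample input is constructed (192.0.2.0/24 is a documentation range)."""
from dataclasses import dataclass
from datetime import datetime, timezone
import re

PORTMAPPER_PROG = 100000  # RPC program number of portmap/rpcbind
PORTMAPPER_PORT = 111


@dataclass(frozen=True)
class RpcEntry:
    program: int
    version: int
    port: int
    proto: str


@dataclass(frozen=True)
class ReportLine:
    asn: int
    ip: str
    timestamp: datetime
    entries: tuple


RPC_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)/(tcp|udp)$")


def parse_rpc_response(field: str) -> tuple:
    """'100000 4 111/udp; 100000 3 111/udp; ...' -> unique RpcEntry tuple.
    The scanner repeats entries for every probe, so duplicates are dropped."""
    seen, entries = set(), []
    for chunk in field.split(";"):
        chunk = chunk.strip()
        if not chunk:
            continue
        m = RPC_RE.match(chunk)
        if not m:
            raise ValueError(f"unrecognised RPC entry: {chunk!r}")
        entry = RpcEntry(int(m[1]), int(m[2]), int(m[3]), m[4])
        if entry not in seen:
            seen.add(entry)
            entries.append(entry)
    return tuple(entries)


def parse_report_line(line: str) -> ReportLine:
    """Parse one 'Affected systems' line: ASN | IP | Timestamp (UTC) | RPC response."""
    asn, ip, ts, rpc = (part.strip() for part in line.split("|", 3))
    when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return ReportLine(int(asn), ip, when, parse_rpc_response(rpc))


def udp_portmapper_exposed(report: ReportLine) -> bool:
    """True when portmapper answered over UDP, the transport that allows
    the host to be used for DDoS reflection (the report's concern)."""
    return any(e.program == PORTMAPPER_PROG and e.proto == "udp" for e in report.entries)


# Columns of `ss -lnp` output: Netid State Recv-Q Send-Q Local:Port Peer:Port [Process]
SS_RE = re.compile(
    r'^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+|\*)\s+\S+(?:\s+users:\(\("([^"]+)")?')


def public_listeners(ss_output: str, port: int = PORTMAPPER_PORT) -> list:
    """Return (proto, local_addr, process) for sockets on `port` that are not
    bound to loopback. An empty list means rpcbind is gone or local-only."""
    found = []
    for line in ss_output.splitlines():
        m = SS_RE.match(line.strip())
        if not m or m[3] != str(port):
            continue
        proto, addr, proc = m[1], m[2], m[4] or "?"
        if addr.startswith(("127.", "[::1]")):
            continue  # loopback-only binding is not reachable from outside
        found.append((proto, addr, proc))
    return found


# Constructed samples: ASN 24940 as in the report, IP replaced by a documentation address
REPORT_LINE = ("24940 | 192.0.2.10 | 2024-02-27 03:01:18 | "
               "100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; "
               "100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp;")
SS_BEFORE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0            0.0.0.0:111       0.0.0.0:*     users:(("rpcbind",pid=612,fd=5))
udp   UNCONN 0      0               [::]:111          [::]:*     users:(("rpcbind",pid=612,fd=7))
udp   UNCONN 0      0            0.0.0.0:41641     0.0.0.0:*     users:(("tailscaled",pid=901,fd=12))
"""
SS_AFTER = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0          127.0.0.1:111       0.0.0.0:*     users:(("rpcbind",pid=612,fd=5))
"""

if __name__ == "__main__":
    rep = parse_report_line(REPORT_LINE)
    print(rep.ip, rep.timestamp.isoformat(), "udp reflector:", udp_portmapper_exposed(rep))
    print("before:", public_listeners(SS_BEFORE))
    print("after:", public_listeners(SS_AFTER))
```

On the live host, feed `public_listeners` the real output of `ss -lnup` (and `ss -lntp` for the TCP side) after disabling rpcbind or binding it to loopback; the hoster's `dst:111 discard` rule hides the socket from the Internet but does not make the check above come back empty, which is exactly why the host-side check is worth keeping in addition to the firewall rule.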

희운 02-28
From what I can see, you were caught by their periodic scanning, and the notice came as a preventive measure. Separately from the chaos on the server... as for the mail itself, if you have taken measures, I don't think you need to worry much about it. I remember getting a similar mail when I was using a Dutch VPS.

kyile 03-01
Thank you. This is the first time I have received one of these, so I was flustered.
dateno1 02-29
If possible, it is safest to block every direct means of reaching the management side and allow access only through tunneling.

kyile 03-01
Thank you. I am using tunneling where I can, but file transfer is the painful part.. I think I have roughly taken measures, but I will still have to keep a sharp eye on it.

dateno1 03-01
File transfer also works over a tunnel anyway (SSH alone gives you SCP).

Besides that, you can also use FTP and the like through a tunnel.

Or you can do file transfer through a web server.
술이 02-29
Once you are registered in the DB of a blacklist IP sharing site, it becomes hard to run services. Most places reference such blacklist IP DBs and register them as an unconditional block...

kyile 03-01
Similar yet different, and it has been more than 10 years now, but I remember putting an acquaintance's company WordPress up at a certain hosting company, and oddly it did not work only from the KT network.
Thank you. I will have to be as careful as I can.
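Returning to the syslog flood kyile described in the original post: what fail2ban does with those lines is count failed attempts per source address inside a time window (`findtime`) and ban a source once it passes a threshold (`maxretry`). The block below is an added example written for this thread, not code from the post and not fail2ban's own filter or code; it runs that logic over sshd syslog lines so the two knobs and their effect can be seen on real-looking data. The log lines are constructed (`203.0.113.0/24`, `198.51.100.0/24` and `192.0.2.0/24` are documentation ranges), and it counts both `Failed password` lines and the `[preauth]` "Connection closed by ... user" lines that an sshd accepting only keys writes, which is what the brute force "against the SSH key" in the post looks like in the log.

```python
"""Added example, not code from the original post or from fail2ban.
A minimal fail2ban-style pass over sshd syslog lines: count failed logins
per source IP inside a sliding window and report which sources would be
banned. Log lines are constructed; IPs are documentation addresses."""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta
import re

# "Feb 27 03:05:12 pve sshd[1201]: <message>"
SYSLOG_RE = re.compile(r"^(\w{3})\s+(\d{1,2}) (\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (.*)$")
# Each pattern marks the end of one failed attempt. The second one covers the
# preauth disconnects a key-only sshd logs, so key-only hosts are not blind.
FAIL_PATTERNS = (
    re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"),
    re.compile(r"Connection closed by (?:invalid|authenticating) user \S+ (\S+) port \d+ \[preauth\]"),
)


def parse_failures(log_text: str, year: int = 2024) -> list:
    """Return [(timestamp, source_ip), ...] for every failed sshd attempt.
    Syslog omits the year, so it is supplied by the caller."""
    out = []
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # cron, kernel and other daemons are ignored
        when = datetime.strptime(f"{year} {m[1]} {m[2]} {m[3]}", "%Y %b %d %H:%M:%S")
        for pat in FAIL_PATTERNS:
            f = pat.search(m[4])
            if f:
                out.append((when, f[1]))
                break
    return out


def failures_by_ip(log_text: str, year: int = 2024) -> Counter:
    """Total failed attempts per source IP, regardless of timing."""
    return Counter(ip for _, ip in parse_failures(log_text, year))


def find_offenders(log_text: str, maxretry: int = 5, findtime: int = 600,
                   year: int = 2024) -> dict:
    """Return {ip: time_of_ban}: an IP is banned the moment it accumulates
    `maxretry` failures inside any `findtime`-second window (fail2ban's
    maxretry/findtime semantics)."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)
    banned = {}
    for when, ip in sorted(parse_failures(log_text, year), key=lambda e: e[0]):
        q = recent[ip]
        q.append(when)
        while q and when - q[0] > window:
            q.popleft()  # forget attempts older than the window
        if len(q) >= maxretry and ip not in banned:
            banned[ip] = when
    return banned


# Constructed sample: one source hammering for a minute, one slow source,
# one legitimate key login and the cron line that keeps showing up in syslog.
SAMPLE_LOG = """\
Feb 27 03:05:12 pve sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 41234 ssh2
Feb 27 03:05:15 pve sshd[1203]: Failed password for root from 203.0.113.5 port 41240 ssh2
Feb 27 03:05:19 pve sshd[1205]: Connection closed by invalid user oracle 203.0.113.5 port 41251 [preauth]
Feb 27 03:05:23 pve sshd[1207]: Connection closed by authenticating user root 203.0.113.5 port 41260 [preauth]
Feb 27 03:05:30 pve sshd[1209]: Failed password for invalid user test from 203.0.113.5 port 41266 ssh2
Feb 27 03:06:02 pve sshd[1211]: Failed password for invalid user pi from 203.0.113.5 port 41270 ssh2
Feb 27 03:07:40 pve sshd[1213]: Failed password for invalid user ubnt from 198.51.100.7 port 50012 ssh2
Feb 27 03:20:41 pve sshd[1220]: Failed password for invalid user ubnt from 198.51.100.7 port 50013 ssh2
Feb 27 03:21:00 pve sshd[1222]: Accepted publickey for backup from 192.0.2.44 port 2222 ssh2: ED25519 SHA256:EXAMPLE
Feb 27 03:21:05 pve CRON[1230]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
"""

if __name__ == "__main__":
    print(failures_by_ip(SAMPLE_LOG))
    print(find_offenders(SAMPLE_LOG))
```

With the defaults (5 attempts in 10 minutes) only `203.0.113.5` is banned, at its fifth failure; `198.51.100.7` never has two failures inside one window. Raising `findtime` to an hour with `maxretry=2` catches the slow source too, which is the trade-off fail2ban's two settings encode: a longer window catches low-and-slow guessing at the cost of more false positives from legitimate typos.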

