Well.. this is embarrassing, but I would still like to share it and hear how to handle it.
I keep my personal data in Germany. I put Proxmox on a server with a lot of hard drives, but I was far too complacent about security.
I closed everything except the ports in use and put TOTP on the GUI, but
with a "future me will take care of it" mindset I was not even using ssh keys, and I had not even set up fail2ban.
After the mail below arrived, I closed port 111 mentioned in the mail, and when I looked at syslog it was piling up so heavily that the GUI lagged..
Once I finished installing and configuring fail2ban right away, what shows up in syslog has gone quiet for now, apart from the cron jobs.
While setting up ssh keys, I saw brute-force attempts even with ssh keys, which gave me a scare.
I am asking in case there is anything you could suggest.
Thanks in advance.
-----------
Here is the current state of the Proxmox server.
- Using the firewall provided by the hosting company, all ports that are not in use are closed
  - Rules Incoming
    - ipv4 icmp accept
    - ipv4 tcp dst:8006,5900 accept
    - ipv4 tcp dst:32768-65535 ack accept
    - ipv4 udp src:53,123 accept
    - ipv4 udp src:41641 accept
    - ipv4 tcp dst:2222 accept
  - Rules outgoing
    - ipv4 tcp dst:25,465 discard
    - ipv4 tcp,udp dst:111 discard
    - ipv4 tcp allow all accept
- One public IP, root login over ssh blocked, TOTP in use on the GUI, and
- TrueNAS running in one VM.
  - Tailscale in use on TrueNAS
- The VM's network is NATed through iptables in the host's interfaces file.
  - From TrueNAS, rclone goes over sftp to the secondary backup destination.
+ Since I connect from a dynamic-IP environment, restricting access by source IP looks risky, so I am not doing it.
-----------
The email below arrived about 3 hours ago.
-----------
The following email body is the mail sent by the hosting company
------------
We have received a notification from the German Federal Office for Information Security (BSI) for (the IP address of) a server you have with us. We are automatically forwarding this notification on to you, for your information.
The original report has been included below. Additional information is provided with the how-to guides referenced in the report. Please note that we do not have any further information to share.
These notifications do not mean your server was involved in any abusive activity. They are simply alerting you to a potential issue on your server, that could be exploited, and that is usually fairly easy to secure.
You do not need to send us, or the BSI, a response.
In case of further questions, please contact ********@***.bund.de and keep the ticket number of the original report [CB-Report#...] in the subject line. Do not reply to <*******@*******.cert-bund.de> as this is just the sender address for the reports and messages sent to this address will not be read.
Kind regards
Abuse Team
-----------
Below is the BSI mail that came attached to that email
------------
> Dear Sir or Madam,
> the Portmapper service (portmap, rpcbind) is required for mapping RPC
> requests to a network service. The Portmapper service is needed e.g.
> for mounting network shares using the Network File System (NFS).
> The Portmapper service runs on port 111 tcp/udp.
> In addition to being abused for DDoS reflection attacks, the
> Portmapper service can be used by attackers to obtain information
> on the target network like available RPC services or network shares.
> Over the past months, systems responding to Portmapper requests from
> anywhere on the Internet have been increasingly abused for DDoS reflection
> attacks against third parties.
> Please find below a list of affected systems hosted on your network.
> The timestamp (timezone UTC) indicates when the openly accessible
> Portmapper service was identified.
> We would like to ask you to check this issue and take appropriate
> steps to secure the Portmapper services on the affected systems or
> notify your customers accordingly.
> If you have recently solved the issue but received this notification
> again, please note the timestamp included below. You should not
> receive any further notifications with timestamps after the issue
> has been solved.
> Additional information on this notification, advice on how to fix
> reported issues and answers to frequently asked questions:
> <https://reports.cert-bund.de/en/>
> This message is digitally signed using PGP.
> Information on the signature key is available at:
> <https://reports.cert-bund.de/en/digital-signature>
> Please note:
> This is an automatically generated message. Replies to the
> sender address <*******@*******.cert-bund.de> will NOT be read
> but silently be discarded. In case of questions, please contact
> <********@***.bund.de> and keep the ticket number [CB-Report#...]
> of this message in the subject line.
> Affected systems on your network:
> Format: ASN | IP | Timestamp (UTC) | RPC response
> 24940 | [removed because it is the server's public IP] | 2024-02-27 03:01:18 | 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp;
> Mit freundlichen Grüßen / Kind regards
> Team CERT-Bund
> Bundesamt für Sicherheit in der Informationstechnik
> Federal Office for Information Security (BSI)
> Referat OC22 - CERT-Bund
> Godesberger Allee 87, 53175 Bonn, Germany
>
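
The CERT-Bund mail above asks the recipient to compare the report timestamp with the time the issue was fixed. The following is an added example, not part of the original post or of CERT-Bund's tooling: it parses the `ASN | IP | Timestamp (UTC) | RPC response` row and classifies the report as still open, stale, or seen after the fix. The IP address (a documentation-range placeholder), the fix time and the function names are assumptions.

```python
from datetime import datetime, timezone

# Well-known ONC RPC program numbers; 100000 is the portmapper (rpcbind) itself.
RPC_PROGRAMS = {100000: "portmapper/rpcbind", 100003: "nfs", 100005: "mountd",
                100021: "nlockmgr", 100024: "status"}

def parse_report_line(line):
    """Parse one 'ASN | IP | Timestamp (UTC) | RPC response' row of the report."""
    line = line.lstrip("> ").strip()          # drop mail quoting, if present
    asn, ip, ts, rpc = [f.strip() for f in line.split("|", 3)]
    seen = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    services = set()                          # the response repeats entries
    for entry in rpc.split(";"):
        if not entry.strip():
            continue
        program, version, endpoint = entry.split()
        port, proto = endpoint.split("/")
        services.add((int(program), int(version), int(port), proto))
    return {"asn": int(asn), "ip": ip, "seen": seen, "services": sorted(services)}

def triage(row, fixed_at):
    """fixed_at: UTC time the port was closed, or None if it is not closed yet."""
    findings = [
        f"{RPC_PROGRAMS.get(prog, 'unknown program')} v{ver} answered on {port}/{proto}"
        for prog, ver, port, proto in row["services"]
    ]
    if fixed_at is None:
        status = "open"
    elif row["seen"] <= fixed_at:
        status = "stale"       # observed before the fix; no new action needed
    else:
        status = "regressed"   # observed after the fix; service is still reachable
    return status, findings

# Constructed sample: the row from the report with a placeholder IP (192.0.2.0/24).
SAMPLE = ("> 24940 | 192.0.2.10 | 2024-02-27 03:01:18 | 100000 4 111/udp; "
          "100000 3 111/udp; 100000 2 111/udp; 100000 4 111/udp; "
          "100000 3 111/udp; 100000 2 111/udp;")

if __name__ == "__main__":
    row = parse_report_line(SAMPLE)
    fix_time = datetime(2024, 2, 27, 9, 0, tzinfo=timezone.utc)  # assumed fix time
    status, findings = triage(row, fix_time)
    print(status)
    print("\n".join(findings))
```

A "regressed" result means the portmapper still answered from the Internet after the change, so the listener itself (rpcbind on the host) needs to be disabled or bound to loopback rather than relying on the filter rule alone.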
Besides that, you can also use ftp and the like through tunneling.
Or you can do the file transfer through a web server.
Thank you. I will have to be as careful as I can.