{"id":541218,"date":"2021-09-29T19:39:57","date_gmt":"2021-09-29T11:39:57","guid":{"rendered":"http:\/\/4563.org\/?p=541218"},"modified":"2021-09-29T19:39:57","modified_gmt":"2021-09-29T11:39:57","slug":"hetzner%e6%94%b6%e5%88%b0%e4%ba%86%e6%bb%a5%e7%94%a8%e8%ad%a6%e5%91%8a%e6%98%af%e5%95%a5%e6%83%85%e5%86%b5","status":"publish","type":"post","link":"http:\/\/4563.org\/?p=541218","title":{"rendered":"Received an abuse warning from Hetzner, what is going on?"},"content":{"rendered":"\n<p><strong>\u767e\u5ea6\u7f51\u76d8<\/strong> says : 20&nbsp;minutes ago<\/p>\n<h3>Received an abuse warning from Hetzner, what is going on?<\/h3>\n<p>As the title says: I installed Proxmox on a dedicated server to run small VMs for transferring files to Baidu Netdisk and the like. I just suddenly received an abuse warning. I checked and found no abnormal processes, and the host and the VMs all use strong 16-character randomly generated passwords mixing upper- and lower-case letters and digits. Could anyone tell me what is going on?<\/p>\n<p>  We have received a security alert from the German Federal Office for Information Security (BSI).<br \/>  Please see the original report included below for details.<br \/>  We are automatically forwarding this alert on to you, for your information.<br \/>  You do not need to send us, or the BSI, a response.<br \/>  However, we do ask that you check the alert and resolve any potential issues.<br \/>  Additional information is provided with the HOWTOs referenced in the report.<br \/>  In case of further questions, please contact certbund@bsi.bund.de and keep the ticket number of the original report in the subject line. 
Do not reply toas this is just the sender address for the reports and messages sent to this address will not be read.<\/p>\n<p>  Kind regards<br \/>  Abuse Team<br \/>  Hetzner Online GmbH<\/p>\n<p>  On 29 Sep 10:35, reports@reports.cert-bund.de wrote:<br \/>   Dear Sir or Madam,<\/p>\n<p>   the Portmapper service (portmap, rpcbind) is required for mapping RPC<br \/>   requests to a network service. The Portmapper service is needed e.g.<br \/>   for mounting network shares using the Network File System (NFS).<br \/>   The Portmapper service runs on port 111 tcp\/udp.<br \/>   In addition to being abused for DDoS reflection attacks, the<br \/>   Portmapper service can be used by attackers to obtain information<br \/>   on the target network like available RPC services or network shares.<br \/>   Over the past months, systems responding to Portmapper requests from<br \/>   anywhere on the Internet have been increasingly abused for DDoS reflection<br \/>   attacks against third parties.<br \/>   Please find below a list of affected systems hosted on your network.<br \/>   The timestamp (timezone UTC) indicates when the openly accessible<br \/>   Portmapper service was identified.<br \/>   We would like to ask you to check this issue and take appropriate<br \/>   steps to secure the Portmapper services on the affected systems or<br \/>   notify your customers accordingly.<br \/>   If you have recently solved the issue but received this notification<br \/>   again, please note the timestamp included below. You should not<br \/>   receive any further notifications with timestamps after the issue<br \/>   has been solved.<\/p>\n<p>   Additional information on this notification, advice on how to fix<br \/>   reported issues and answers to frequently asked questions:<\/p>\n<p>   This message is digitally signed using PGP.<br \/>   Information on the signature key is available at:<\/p>\n<p>   Please note:<br \/>   This is an automatically generated message. 
Replies to the<br \/>   sender address will NOT be read<br \/>   but silently be discarded. In case of questions, please contact<br \/>  and keep the ticket number <br \/>   of this message in the subject line.<\/p>\n<p>   Affected systems on your network:<\/p>\n<p>   Format: ASN | IP | Timestamp (UTC) | RPC response<br \/>  24940 | **.**.**.** | 2021-09-28 05:43:07 | 100000 4 111\/udp; 100000 3 111\/udp; 100000 2 111\/udp; 100000 4 111\/udp; 100000 3 111\/udp; 100000 2 111\/udp;<\/p>\n<p><strong>optimism<\/strong> says : 16&nbsp;minutes ago<\/p>\n<p>As long as you have checked and found no problems, you are fine.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u767e\u5ea6\u7f51\u76d8 says : 
20&#038;n&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[],"_links":{"self":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/541218"}],"collection":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=541218"}],"version-history":[{"count":0,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/541218\/revisions"}],"wp:attachment":[{"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=541218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=541218"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=541218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}