
DigitalOcean sent a ticket about an SNMP attack

    zzy8200 · 2015-03-19 10:33:45 +08:00 · 453 views

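    I'm running CentOS. <del>As far as I remember, I never enabled SNMP at all.</del> I enabled SNMP for Jiankongbao (监控宝), but it has a username and a strong password. How should I handle this situation?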

    Please review the following abuse complaint and provide us with a resolution:


    You appear to be running an open SNMP server at IP address X.X.X.X that participated in an attack against a customer of ours, generating large UDP responses to spoofed queries, with those responses becoming fragmented because of their size.

    Please consider reconfiguring your SNMP-speaking device in one or more of these ways:

    • Block queries made by unauthorized addresses. This can be done with an ACL or other firewall rule.
    • Use a different query string than "public" and which cannot be easily guessed by a 3rd party.
    • Disable SNMP entirely.

    If you are an ISP, please also look at your network configuration and make sure that you do not allow spoofed traffic (that pretends to be from external IP addresses) to leave the network. Hosts that allow spoofed traffic make possible this type of attack.

    Example SNMP responses sent to us by your device during the attack are given below.
    Date/timestamps (far left) are UTC.

    2015-03-17 19:54:53.942696 IP (tos 0x0, ttl 55, id 0, offset 0, flags [DF], proto UDP (17), length 1213) X.X.X.X > 31.186.250.x.3389: UDP, length 1185
    0x0000: 4500 04bd 0000 4000 3711 2c46 68ec 8f74 E.....@.7.,Fh..t

    (The final octet of our customer's IP address is masked in the above output because some automatic parsers become confused when multiple IP addresses are included. The value of that octet is "207".)

    -John
    President
    Nuclearfallout, Enterprises, Inc. (NFOservers.com)

    (We're sending out so many of these notices, and seeing so many auto-responses, that we can't go through this email inbox effectively. If you have follow-up questions, please contact us at [email protected].)


    Please note that generating multiple abuse complaints in a short period of time may lead to your account being suspended.

    3 replies    2015-03-20 01:52:09 +08:00
    Showfom · #1 · 2015-03-19 23:27:48 +08:00
    Just shut down the SNMP service.
    zzy8200 · #2 · OP · 2015-03-20 00:16:11 +08:00 via iPhone
    @Showfom It's configured now. I had enabled SNMP for Jiankongbao, and found that I hadn't turned off public.
    Showfom · #3 · 2015-03-20 01:52:09 +08:00
    @zzy8200 Right, then just explain that to them and close it.
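
The situation in this thread (an SNMPv3 user set up for monitoring while the `public` community was still enabled) can be checked for with a small config audit. This is an added example, not part of the original posts; it assumes Net-SNMP's `snmpd.conf` directive syntax, and the sample config and the user name `monitor` are constructed.

```shell
#!/bin/sh
# Added example: flag SNMPv1/v2c community access in a Net-SNMP snmpd.conf
# that stays reachable even after an SNMPv3 user has been set up.

audit_snmpd_conf() {
    # Prints one finding per line; prints nothing when the file is clean.
    awk '
    function open_src(s) {
        return (s == "" || s == "default" || s == "0.0.0.0/0" || s == "::/0")
    }
    function report(c, s,   why) {
        if (c == "public" || c == "private")
            why = "default community \"" c "\""
        if (open_src(s))
            why = (why == "" ? "" : why ", ") "no source restriction"
        if (why != "")
            printf "line %d: %s (%s)\n", NR, $1, why
    }
    { sub(/#.*/, "") }                     # strip comments
    $1 ~ /^r[ow]community6?$/ {            # rocommunity COMMUNITY [SOURCE ...]
        report($2, $3)
    }
    $1 == "com2sec" {                      # com2sec [-Cn CTX] NAME SOURCE COMMUNITY
        i = 2
        if ($i == "-Cn") i += 2
        report($(i + 2), $(i + 1))
    }
    ' "$1"
}

demo() {
    # Constructed sample: v3 user "monitor" added, CentOS-style default
    # com2sec entry for "public" left in place.
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
com2sec notConfigUser  default  public
rouser  monitor  priv
EOF
    audit_snmpd_conf "$tmp"
    rm -f "$tmp"
}

demo
```

Point `audit_snmpd_conf` at the agent's real config (commonly `/etc/snmp/snmpd.conf` on CentOS, stated here as an assumption); any reported line should be removed or restricted to the monitoring service's source addresses, matching the options listed in the abuse notice.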