Dear ,
WehavereceivedasecurityalertfromtheGermanFederalOfficeforInformationSecurity(BSI).
Pleaseseetheoriginalreportincludedbelowfordetails.
Weareautomaticallyforwardingthisalertontoyou,foryourinformation.
Youdonotneedtosendus,ortheBSI,aresponse.
However,wedoaskthatyoucheckthealertandtoresolveanypotentialissues.
AdditionalinformationisprovidedwiththeHOWTOsreferencedinthereport.
Incaseoffurtherquestions,pleasecontact[email protected]andkeeptheticketnumberoftheoriginalreport[CB-Report#...]inthesubjectline.Donotreplyto<[email protected]>asthisisjustthesenderaddressforthereportsandmessagessenttothisaddresswillnotberead.
Kindregards
AbuseTeam
HetznerOnlineGmbH
Industriestr.25
91710Gunzenhausen/Germany
Tel:+4998315050
Fax:+4998315053
www.hetzner.com
RegisterCourt:RegistergerichtAnsbach,HRB6089
CEO:MartinHetzner,StephanKonvickova,GüntherMüller
Forthepurposesofthiscommunication,wemaysavesome
ofyourpersonaldata.Forinformationonourdataprivacy
policy,pleasesee:www.hetzner.com/datenschutzhinweis
On24Nov09:31,[email protected]wrote:
DearSirorMadam,
thePortmapperservice(portmap,rpcbind)isrequiredformappingRPC
requeststoanetworkservice.ThePortmapperserviceisneedede.g.
formountingnetworksharesusingtheNetworkFileSystem(NFS).
ThePortmapperservicerunsonport111tcp/udp.
InadditiontobeingabusedforDDoSreflectionattacks,the
Portmapperservicecanbeusedbyattackerstoobtaininformation
onthetargetnetworklikeavailableRPCservicesornetworkshares.
Overthepastmonths,systemsrespondingtoPortmapperrequestsfrom
anywhereontheInternethavebeenincreasinglyabusedDDoSreflection
attacksagainstthirdparties.
Pleasefindbelowalistofaffectedsystemshostedonyournetwork.
Thetimestamp(timezoneUTC)indicateswhentheopenlyaccessible
Portmapperservicewasidentified.
Wewouldliketoaskyoutocheckthisissueandtakeappropriate
stepstosecurethePortmapperservicesontheaffectedsystemsor
notifyyourcustomersaccordingly.
Ifyouhaverecentlysolvedtheissuebutreceivedthisnotification
again,pleasenotethetimestampincludedbelow.Youshouldnot
receiveanyfurthernotificationswithtimestampsaftertheissue
hasbeensolved.
Additionalinformationonthisnotification,adviceonhowtofix
reportedissuesandanswerstofrequentlyaskedquestions:
https://reports.cert-bund.de/en/
ThismessageisdigitallysignedusingPGP.
Informationonthesignaturekeyisavailableat:
https://reports.cert-bund.de/en/digital-signature
Pleasenote:
Thisisanautomaticallygeneratedmessage.Repliestothe
senderaddress<[email protected]>willNOTberead
butsilentlybediscarded.Incaseofquestions,pleasecontact
<[email protected]>andkeeptheticketnumber[CB-Report#...]
ofthismessageinthesubjectline.
Affectedsystemsonyournetwork:
Format:ASN|IP|Timestamp(UTC)|RPCresponse
24940|我的IP地址|2021-11-2308:06:51|1000004111/udp;1000003111/udp;1000002111/udp;1000004111/udp;1000003111/udp;1000002111/udp;
MitfreundlichenGren/Kindregards
TeamCERT-Bund
BundesamtfrSicherheitinderInformationstechnik
FederalOfficeforInformationSecurity(BSI)
ReferatOC25-CERT-Bund
GodesbergerAllee185-189,53175Bonn,Germany
-----------------------------------------------------
**网友回复**:
警告回去你们没有资格从实力的地位出发和中国人谈话
网友回复:
不用怕,我以前也经常收到FBIwarning!警告,越警告越兴奋
网友回复:
systemctldisablerpcbind.target
systemctldisablerpcbind.socket
systemctldisablerpcbind.service
systemctlstoprpcbind.target
systemctlstoprpcbind.socket
systemctlstoprpcbind.service
网友回复:
Youdonotneedtosendus,ortheBSI,aresponse.
网友回复:
如果是你干的,无需理会
如果不是你干的,重装
网友回复:
引用:LikeOracle发表于2021-11-2511:39
有没有点公德心啊,不会先翻译一下再发出来吗
网友回复:
国外的诈骗来了??????????????????
网友回复:
Youdonotneedtosendus,ortheBSI,aresponse.
网友回复:
你有互联网开放111/tcp/udp端口Portmapper服务么?比如使用公网IP挂载NFS。
iptables加条入站DROP规则吧。
网友回复:
引用:朕的大清完了?发表于2021-11-2512:57
真吉儿水
网友回复:
不用怕,我以前也经常收到FBIwarning!警告,越警告越兴奋
网友回复:
systemctldisablerpcbind.target
systemctldisablerpcbind.socket
systemctldisablerpcbind.service
systemctlstoprpcbind.target
systemctlstoprpcbind.socket
systemctlstoprpcbind.service
网友回复:
一看标题就知道HZ。
是个安全提醒,最好关闭相关服务或端口,不理他也行。
Format:ASN|IP|Timestamp(UTC)|RPCresponse
24940|我的IP地址|2021-11-2308:06:51|1000004111/udp;1000003111/udp;1000002111/udp;1000004111/udp;1000003111/udp;1000002111/udp;
网友回复:
这个贴充分暴露了loc里的一堆人的水平和智商。
回正题,这个不用理会它,只是官方扫描器发现你开放了端口,提醒一下你要注意。如果有问题,就修补,没问题,就不鸟它,为了省得烦心,如果不需要,把端口关了最好。
网友回复:
大概意思是说你的机器上有些端口的服务容易被日,建议你做些处理
网友回复:
引用:martin008发表于2021-11-2513:51
不用怕,我以前也经常收到FBIwarning!警告,越警告越兴奋