全球主机交流论坛备用站 (Global Hosting Exchange Forum, backup site)

What is this cert-bund.de thing, and why does it keep sending vulnerability reports demanding action?

Posted on 2024-4-18 18:23:52
20230417
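Dozens of my small German VPSes have all received this vulnerability report, and the emails keep coming. How am I supposed to deal with this thing?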


Dear Sir or Madam,

the Portmapper service (portmap, rpcbind) is required for mapping RPC
requests to a network service. The Portmapper service is needed e.g.
for mounting network shares using the Network File System (NFS).
The Portmapper service runs on port 111 tcp/udp.

In addition to being abused for DDoS reflection attacks, the
Portmapper service can be used by attackers to obtain information
on the target network like available RPC services or network shares.

Over the past months, systems responding to Portmapper requests from
anywhere on the Internet have been increasingly abused for DDoS reflection
attacks against third parties.

Please find below a list of affected systems hosted on your network.
The timestamp (timezone UTC) indicates when the openly accessible
Portmapper service was identified.

We would like to ask you to check this issue and take appropriate
steps to secure the Portmapper services on the affected systems or
notify your customers accordingly.

If you have recently solved the issue but received this notification
again, please note the timestamp included below. You should not
receive any further notifications with timestamps after the issue
has been solved.

Additional information on this notification, advice on how to fix
reported issues and answers to frequently asked questions:
<https://reports.cert-bund.de/en/>

This message is digitally signed using PGP.
Information on the signature key is available at:
<https://reports.cert-bund.de/en/digital-signature>

Please note:
This is an automatically generated message. Replies to the
sender address <reports@reports.cert-bund.de> will NOT be read
but silently be discarded. In case of questions, please contact
<certbund@bsi.bund.de> and keep the ticket number [CB-Report#...]
of this message in the subject line.

!! Please make sure to consult our HOWTOs and FAQ available at
!! <https://reports.cert-bund.de/en/> first.
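
The notification above asks the operator to check whether the Portmapper service on port 111 tcp/udp answers from anywhere on the Internet. One way to check a host's own listeners is sketched below as an added example; it is not part of the original post or of CERT-Bund's material, the helper names `exposed_rpcbind` and `check_rpcbind` are hypothetical, and the sample `ss` output is constructed.

```shell
#!/bin/sh
# Added example (not from the original post or from CERT-Bund).
# exposed_rpcbind / check_rpcbind are hypothetical helper names.

# Constructed sample of `ss -H -lntu` output; columns are
# Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE='udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:*
udp UNCONN 0 0 [::]:111 [::]:*
tcp LISTEN 0 4096 127.0.0.1:111 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:1110 0.0.0.0:*'

# Reads `ss -H -lntu` output on stdin and prints "proto address:port" for
# every port 111 listener that is not bound to a loopback address.
exposed_rpcbind() {
    awk '
    NF < 5 { next }
    {
        n = split($5, parts, ":")
        if (parts[n] != "111") next          # port = text after the last colon
        host = substr($5, 1, length($5) - length(parts[n]) - 1)
        sub(/%.*$/, "", host)                # drop an interface scope such as %lo
        if (host ~ /^127\./ || host == "[::1]") next
        print $1, $5
    }'
}

# Exit status 0: nothing exposed. Exit status 1: listener(s) printed.
check_rpcbind() {
    found=$(exposed_rpcbind)
    if [ -z "$found" ]; then
        echo "OK: no portmapper listener on a non-loopback address"
        return 0
    fi
    echo "EXPOSED: portmapper (111) is listening on:"
    echo "$found" | sed 's/^/  /'
    # Usual fixes: if nothing on the host needs NFS/RPC, stop it with
    #   systemctl disable --now rpcbind.socket rpcbind.service
    # otherwise restrict 111/tcp and 111/udp to trusted sources at the firewall.
    return 1
}

# Demo on the constructed sample. On a real host run:
#   ss -H -lntu | check_rpcbind
printf '%s\n' "$SAMPLE" | check_rpcbind || true
```

A wildcard bind may still be filtered by an upstream firewall, so the timestamp in any later CERT-Bund report remains the confirmation of whether the service was still reachable after the fix.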