NethServer Version: 7.8.2003
I host on Hetzner and I received these e-mails from them, which are supposedly from certbund@bsi.bund.de
Are these e-mails legitimate? If so, I haven’t done anything special with these services or ports, so is this something that could be improved for the standard Neth install?
Dear Sir or Madam,
open DNS resolvers are abused for conducting DDoS reflection/
amplification attacks against third parties on a daily basis.

Affected systems on your network:
Format: ASN | IP | Timestamp (UTC)
12345 | 12.34.56.78 | 2020-07-30 02:32:57

We would like to ask you to check if the open resolvers identified
on your network are intentionally configured as such and appropriate
countermeasures preventing their abuse for DDoS attacks have been
implemented.
Dear Sir or Madam,
the Portmapper service (portmap, rpcbind) is required for mapping RPC
requests to a network service. The Portmapper service is needed e.g.
for mounting network shares using the Network File System (NFS).
The Portmapper service runs on port 111 tcp/udp.

In addition to being abused for DDoS reflection attacks, the
Portmapper service can be used by attackers to obtain information
on the target network like available RPC services or network shares.

Over the past months, systems responding to Portmapper requests from
anywhere on the Internet have been increasingly abused for DDoS reflection
attacks against third parties.

Affected systems on your network:
Format: ASN | IP | Timestamp (UTC) | RPC response
12345 | 12.34.56.78 | 2020-07-30 08:34:08 | 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp;
We would like to ask you to check this issue and take appropriate
steps to secure the Portmapper services on the affected systems or
notify your customers accordingly.