收到 Digital Ocean 一封邮件(Abuse Complaint), 这个应该咋处理啊?

2015-02-20 06:33:50 +08:00
 inet6
今天收到一封邮件,我在DO上配置了一个SS代理,翻墙用的。用了一年多了,一直平安无事,这次是怎么了? 我贴一下邮件内容(很长...), 我应该怎么处理一下,怎么回复啊,是因为SS的密码泄漏了而被人用来攻击了么?

Support Request Posted on 02/19/15 at 12:42 UTC
Please review the following abuse complaint and provide us with a resolution:

******************************
You appear to be running an open recursive resolver at IP address 我的IP地址 that participated in an attack against a customer of ours, generating large UDP responses to spoofed queries, with those responses becoming fragmented because of their size.

Please consider reconfiguring your resolver in one or more of these ways:

- To only serve your customers and not respond to outside IP addresses (in BIND, this is done by defining a limited set of hosts in "allow-query"; with a Windows DNS server, you would need to use firewall rules to block external access to UDP port 53)
- To only serve domains that it is authoritative for (in BIND, this is done by defining a limited set of hosts in "allow-query" for the server overall but setting "allow-query" to "any" for each zone)
- To rate-limit responses to individual source IP addresses (such as by using DNS Response Rate Limiting or iptables rules)

More information on this type of attack and what each party can do to mitigate it can be found here: http://www.us-cert.gov/ncas/alerts/TA13-088A

If you are an ISP, please also look at your network configuration and make sure that you do not allow spoofed traffic (that pretends to be from external IP addresses) to leave the network. Hosts that allow spoofed traffic make possible this type of attack.

Example DNS responses from your resolver during this attack are given below.
Date/timestamps (far left) are UTC.

2015-02-19 04:33:56.305717 IP (tos 0x0, ttl 56, id 33341, offset 0, flags [+], proto UDP (17), length 1500) 我的IP地址.53 > 208.146.44.x.2894: 65264 28/0/1 pidarastik.ru. SOA[|domain]
0x0000: 4500 05dc 823d 2000 3811 a96b 80c7 b3e6 E....=..8..k....
0x0010: d092 2c28 0035 0b4e 0fff 3992 fef0 8180 ..,(.5.N..9.....
0x0020: 0001 001c 0000 0001 0a70 6964 6172 6173 .........pidaras
0x0030: 7469 6b02 7275 0000 ff00 01c0 0c00 0600 tik.ru..........
0x0040: 0100 0001 7b00 2f03 6e73 3108 7370 6163 ....{./.ns1.spac
0x0050: 6577 ew
2015-02-19 04:33:56.479486 IP (tos 0x0, ttl 56, id 33342, offset 0, flags [+], proto UDP (17), length 1500) 我的IP地址.53 > 208.146.44.x.52563: 49998 28/0/1 pidarastik.ru. SOA[|domain]
0x0000: 4500 05dc 823e 2000 3811 a96a 80c7 b3e6 E....>..8..j....
0x0010: d092 2c28 0035 cd53 0fff b32e c34e 8180 ..,(.5.S.....N..
0x0020: 0001 001c 0000 0001 0a70 6964 6172 6173 .........pidaras
0x0030: 7469 6b02 7275 0000 ff00 01c0 0c00 0600 tik.ru..........
0x0040: 0100 0001 7b00 2f03 6e73 3108 7370 6163 ....{./.ns1.spac
0x0050: 6577 ew
2015-02-19 04:33:57.652575 IP (tos 0x0, ttl 56, id 33343, offset 0, flags [+], proto UDP (17), length 1500) 我的IP地址.53 > 208.146.44.x.13219: 27099 28/0/1 pidarastik.ru. SOA[|domain]
0x0000: 4500 05dc 823f 2000 3811 a969 80c7 b3e6 E....?..8..i....
0x0010: d092 2c28 0035 33a3 0fff b262 69db 8180 ..,(.53....bi...
0x0020: 0001 001c 0000 0001 0a70 6964 6172 6173 .........pidaras
0x0030: 7469 6b02 7275 0000 ff00 01c0 0c00 0600 tik.ru..........
0x0040: 0100 0001 7a00 2f03 6e73 3108 7370 6163 ....z./.ns1.spac
0x0050: 6577 ew

(The final octet of our customer's IP address is masked in the above output because some automatic parsers become confused when multiple IP addresses are included. The value of that octet is "40".)

-John
President
Nuclearfallout, Enterprises, Inc. (NFOservers.com)

(We're sending out so many of these notices, and seeing so many auto-responses, that we can't go through this email inbox effectively. If you have follow-up questions, please contact us at noc@nfoe.net.)
******************************

Please note that generating multiple abuse complaints in a short period of time may lead to your account being suspended.
2495 次点击
所在节点    问与答
21 条回复
docee
2015-02-21 13:34:27 +08:00
建议把SSH端口换掉。。。。

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/171865

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX