NTP-Reflection Attacks
*NTP-Reflection Attacks 2014/02/20 [#o1871232]
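On a machine called g7, when I updated the kernel, on reboot...
(In hindsight, things like the time lookup during the boot sequence ...
What should have become
FreeBSD 9.1-RELEASE-p10
was still
FreeBSD 9.1-RELEASE-p7
So, on a whim, I ran cat /var/log/messages and saw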
Feb 20 08:43:42 g7 kernel: Limiting icmp unreach respons...
Feb 20 08:43:43 g7 kernel: Limiting icmp unreach respons...
Feb 20 08:43:44 g7 kernel: Limiting icmp unreach respons...
Feb 20 08:43:45 g7 kernel: Limiting icmp unreach respons...
Feb 20 08:43:46 g7 kernel: Limiting icmp unreach respons...
Feb 20 08:43:47 g7 kernel: Limiting icmp unreach respons...
Feb 20 08:43:48 g7 kernel: Limiting icmp unreach respons...
Feb 20 08:43:49 g7 kernel: Limiting icmp unreach respons...
Feb 20 08:43:50 g7 kernel: Limiting icmp unreach respons...
being printed over and over, endlessly. But as for the bandwidth being eaten all that much ...
Running tcpdump -i em0 showed
08:44:36.394039 IP ddos-guard.net.ntp > g7.kuji-clinic.n...
08:44:36.401899 IP ddos-guard.net.ntp > g7.kuji-clinic.n...
08:44:36.402023 IP ddos-guard.net.ntp > g7.kuji-clinic.n...
08:44:36.408995 IP ddos-guard.net.ntp > g7.kuji-clinic.n...
08:44:36.411647 IP ddos-guard.net.ntp > g7.kuji-clinic.n...
08:44:36.411772 IP ddos-guard.net.ntp > g7.kuji-clinic.n...
08:44:36.420439 IP ddos-guard.net.ntp > g7.kuji-clinic.n...
08:44:36.422227 IP ddos-guard.net.ntp > g7.kuji-clinic.n...
08:44:36.434728 IP ddos-guard.net.ntp > g7.kuji-clinic.n...
08:44:36.434852 IP ddos-guard.net.ntp > g7.kuji-clinic.n...
pouring in, in a flood ┐(´д`)┌
So I changed /etc/ntp.conf from
restrict default ignore
restrict 0.pool.ntp.org nomodify nopeer noquery notrap
restrict 1.pool.ntp.org nomodify nopeer noquery notrap
restrict 2.pool.ntp.org nomodify nopeer noquery notrap
restrict 127.0.0.1
restrict -6 ::1
restrict 127.127.1.0
to
server 0.freebsd.pool.ntp.org iburst
server 1.freebsd.pool.ntp.org iburst
server 2.freebsd.pool.ntp.org iburst
disable monitor
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 127.127.1.0
http://www.atmarkit.co.jp/ait/articles/1401/15/news126.html
http://1118.me/?p=32315
and then ran
service ntpd restart
after which the "Limiting icmp unreach response" messages stopped.
Feb 20 08:44:25 g7 kernel: Limiting icmp unreach respons...
Feb 20 08:44:26 g7 kernel: Limiting icmp unreach respons...
Feb 20 08:44:27 g7 kernel: Limiting icmp unreach respons...
Feb 20 08:44:28 g7 kernel: Limiting icmp unreach respons...
Feb 20 08:44:29 g7 kernel: Limiting icmp unreach respons...
Feb 20 08:44:30 g7 kernel: Limiting icmp unreach respons...
Feb 20 08:44:31 g7 kernel: Limiting icmp unreach respons...
Feb 20 08:44:32 g7 kernel: Limiting icmp unreach respons...
Feb 20 08:44:33 g7 kernel: Limiting icmp unreach respons...
Feb 20 08:44:34 g7 kernel: Limiting icmp unreach respons...
Feb 20 08:44:35 g7 kernel: Limiting icmp unreach respons...
Feb 20 08:44:36 g7 ntpd[9295]: ntpd 4.2.4p5-a (1)
Feb 20 08:44:48 g7 ntpd[9296]: time reset +3.451551 s
Feb 20 08:45:40 g7 kernel: em0: promiscuous mode disabled
root@g7:/root #
Then I ran freebsd-update once more and rebooted, and this time the update to
FreeBSD 9.1-RELEASE-p10
went through. But why??
*NTP-Reflection Attacks 2014/02/14 [#f631df10]
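Somehow the network had become painfully slow, like the old ISDN-class ...
When I looked at the traffic, a 40MB-class "something" was eating up the bandwidth ...
Apparently this is the rumored "NTP amp attack". Good grief... (...
Open NTP server reflection &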
http://nakacya.wordpress.com/type/aside/
#ref(20140214_NTP_Atack.PNG)
Watching the network with tcpdump showed
13:54:15.072076 IP g7.kuji-clinic.net.ntp > www162.sedop...
13:54:15.072079 IP g7.kuji-clinic.net.ntp > www162.sedop...
13:54:15.072081 IP g7.kuji-clinic.net.ntp > www162.sedop...
13:54:15.072084 IP g7.kuji-clinic.net.ntp > www162.sedop...
13:54:15.072086 IP g7.kuji-clinic.net.ntp > www162.sedop...
13:54:15.072089 IP g7.kuji-clinic.net.ntp > www162.sedop...
13:54:15.072091 IP g7.kuji-clinic.net.ntp > www162.sedop...
13:54:15.072094 IP g7.kuji-clinic.net.ntp > www162.sedop...
13:54:15.072097 IP g7.kuji-clinic.net.ntp > www162.sedop...
13:54:15.072099 IP g7.kuji-clinic.net.ntp > www162.sedop...
13:54:15.072101 IP g7.kuji-clinic.net.ntp > www162.sedop...
13:54:15.072104 IP g7.kuji-clinic.net.ntp > www162.sedop...
13:54:15.072106 IP g7.kuji-clinic.net.ntp > www162.sedop...
13:54:15.072109 IP g7.kuji-clinic.net.ntp > www162.sedop...
13:54:15.072111 IP g7.kuji-clinic.net.ntp > www162.sedop...
13:54:15.072114 IP g7.kuji-clinic.net.ntp > www162.sedop...
Well, well: it was completely filled with length 440 ntp queries ...
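To tell apart the two situations captured on this page (port-123 packets leaving the host here, port-123 packets arriving at it in the 2014/02/20 entry), the following added example, which is not part of the original notes, tallies packets whose source port is NTP per flow. The sample lines are constructed with documentation addresses; the `NTPv2, Reserved` text, the `burst` threshold and the helper name `classify` are assumptions.

```python
import re
from collections import Counter

LOCAL = "192.0.2.10"  # stands in for the local host; every address here is constructed

def _lines(src, dst, length, n=6):
    """Build n constructed tcpdump-style text lines for one flow."""
    return "\n".join(
        f"13:54:15.07{i:04d} IP {src} > {dst}: NTPv2, Reserved, length {length}"
        for i in range(n))

OUTBOUND = _lines(f"{LOCAL}.123", "198.51.100.7.80", 440)   # direction of this capture
INBOUND = _lines("203.0.113.9.ntp", f"{LOCAL}.51234", 440)  # direction of the 02/20 capture
QUIET = _lines("203.0.113.5.123", f"{LOCAL}.123", 48, n=2)  # ordinary time sync

# Matches "<time> IP <src>.<ntp|123> > <dst>.<port>: ... length <n>"
LINE = re.compile(r"^\S+ IP (\S+)\.(?:ntp|123) > (\S+)\.[\w-]+: .*\blength (\d+)")

def classify(capture, local=LOCAL, burst=5):
    """Return (verdict, peer, packets, bytes) for the busiest source-port-123 flow."""
    packets, volume = Counter(), Counter()
    for line in capture.splitlines():
        m = LINE.match(line)
        if m:
            flow = (m[1], m[2])
            packets[flow] += 1
            volume[flow] += int(m[3])
    if not packets:
        return ("no-ntp", None, 0, 0)
    (src, dst), n = packets.most_common(1)[0]
    if n < burst:
        verdict, peer = "quiet", (dst if src == local else src)
    elif src == local:
        verdict, peer = "outbound-flood", dst  # this host is answering one peer at volume
    elif dst == local:
        verdict, peer = "inbound-flood", src   # port-123 traffic is arriving at this host
    else:
        verdict, peer = "transit", src
    return (verdict, peer, n, volume[(src, dst)])

if __name__ == "__main__":
    for name, cap in [("outbound", OUTBOUND), ("inbound", INBOUND), ("quiet", QUIET)]:
        print(name, classify(cap))
```
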
For now, deal with it! ( ̄^ ̄)ゞ
I changed /etc/ntp.conf from
server ntp.jst.mfeed.ad.jp
server 0.freebsd.pool.ntp.org iburst maxpoll 9
server 1.freebsd.pool.ntp.org iburst maxpoll 9
server 2.freebsd.pool.ntp.org iburst maxpoll 9
to
restrict default ignore
restrict 0.pool.ntp.org nomodify nopeer noquery notrap
restrict 1.pool.ntp.org nomodify nopeer noquery notrap
restrict 2.pool.ntp.org nomodify nopeer noquery notrap
restrict 127.0.0.1
restrict -6 ::1
restrict 127.127.1.0
and then ran
service ntpd restart
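The three /etc/ntp.conf states on this page differ in whether the default `restrict` entry carries `ignore` or `noquery` (both refuse ntpq/ntpdc queries) and whether `disable monitor` is set. The following added example, not part of the original notes, checks a config for exactly those points; treating a bare `restrict default` as IPv4-only, as the page's final config does by adding a separate `-6` line, is an assumption, and `audit` is a hypothetical helper name.

```python
# Abridged from the three /etc/ntp.conf states shown on the page.
ORIGINAL = "server 0.freebsd.pool.ntp.org iburst maxpoll 9\n"
FIRST_FIX = """\
restrict default ignore
restrict 0.pool.ntp.org nomodify nopeer noquery notrap
restrict 127.0.0.1
restrict -6 ::1
"""
FINAL = """\
server 0.freebsd.pool.ntp.org iburst
disable monitor
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
"""

def audit(conf):
    """Return findings about who may send ntpq/ntpdc queries to this ntpd."""
    defaults = {"IPv4": None, "IPv6": None}  # flags on each family's default entry
    monitor_off = False
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()   # drop comments, split into words
        if tok[:1] == ["disable"] and "monitor" in tok[1:]:
            monitor_off = True
        elif tok[:1] == ["restrict"]:
            family, args = "IPv4", tok[1:]   # assumption: no -6 means IPv4
            if args[:1] in (["-4"], ["-6"]):
                family, args = ("IPv6" if args[0] == "-6" else "IPv4"), args[1:]
            if args[:1] == ["default"]:
                defaults[family] = set(args[1:])
    findings = []
    for family, flags in defaults.items():
        if flags is None:
            findings.append(f"{family}: no default restrict")
        elif not flags & {"ignore", "noquery"}:
            findings.append(f"{family}: default allows queries")
    if not monitor_off:
        findings.append("monitor enabled")
    return findings

if __name__ == "__main__":
    for name, conf in [("original", ORIGINAL), ("first fix", FIRST_FIX), ("final", FINAL)]:
        print(name, audit(conf) or "ok")
```
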