Re: [CentOS] Server used in DOS attack on UDP port 0

2015-11-04 Thread Alexander Dalloz
On 04.11.2015 at 11:22, Andrew Holway wrote:
> The server in question is a Centos 7 based FreeIPA server, OpenVPN concentrator and DNS server.

Could have been a DNS amplification attack. https://www.us-cert.gov/ncas/alerts/TA13-088A

Re: [CentOS] Server used in DOS attack on UDP port 0

2015-11-04 Thread AemNet
Have you a public IP on the server? Take a look at your DNS configuration; it could be an open resolver: http://openresolver.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Server used in DOS attack on UDP port 0

2015-11-04 Thread Eero Volotinen
Did you run basic checks like rkhunter and so on? Is there password login enabled or only public key on the ssh service? Weak passwords on ssh are usually the primary reason for system compromise.

Eero

On 4.11.2015 at 12.23 PM, "Andrew Holway" wrote:
> Hi,
>
> One of our AWS

Re: [CentOS] Server used in DOS attack on UDP port 0

2015-11-04 Thread Valeri Galtsev
On Wed, November 4, 2015 4:22 am, Andrew Holway wrote:
> Hi,
>
> One of our AWS machines was used in a DOS attack last night and I am
> looking for possible attack vectors.

Is it AWS as in Amazon Web Services?

> AWS tells me it was sending UDP port 0
> traffic to a cloudflare address.

[CentOS] Server used in DOS attack on UDP port 0

2015-11-04 Thread Andrew Holway
Hi,

One of our AWS machines was used in a DOS attack last night and I am looking for possible attack vectors. AWS tells me it was sending UDP port 0 traffic to a cloudflare address. This instance had an incorrectly configured AWS security group exposing all ports. The server in question is a