On 04.11.2015 at 11:22, Andrew Holway wrote:
The server in question is a CentOS 7 based FreeIPA server, OpenVPN
concentrator and DNS server.
It could have been a DNS amplification attack.
https://www.us-cert.gov/ncas/alerts/TA13-088A
Have you a public IP on the server? Take a look at your DNS
configuration; it could be an open resolver.
http://openresolver.com/
Did you run basic checks like rkhunter and so on?
Is password login enabled, or only public key, on the ssh service?
Weak passwords on ssh are usually the primary reason for system compromise.
Eero
On 4.11.2015 at 12.23 p.m., "Andrew Holway" wrote:
> Hi,
>
> One of our AWS
On Wed, November 4, 2015 4:22 am, Andrew Holway wrote:
> Hi,
>
> One of our AWS machines was used in a DOS attack last night and I am
> looking for possible attack vectors.
Is it AWS as in Amazon Web Services?
> AWS tells me it was sending UDP port 0
> traffic to a Cloudflare address.
Hi,
One of our AWS machines was used in a DOS attack last night and I am
looking for possible attack vectors. AWS tells me it was sending UDP port 0
traffic to a Cloudflare address.
This instance had an incorrectly configured AWS security group exposing all
ports.
The server in question is a