Re: DDOS Attacks from my virtual Router

2024-03-11 Thread Wei ZHOU
oh, the first two rules should not exist
-Wei
On Mon, Mar 11, 2024 at 2:04 PM Wei ZHOU wrote:
> Hi,
>
> The port 53 should be allowed for only the guest network
>
> root@r-4-VM:~# iptables-save |grep "port 53"
> -A INPUT -d 10.111.17.4/32 -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
> -A INPUT

Re: DDOS Attacks from my virtual Router

2024-03-11 Thread Wei ZHOU
oad Balancer instead. The VR should > assign the IP on its interface if it is acquired in the network. > If I may ask, how are you concluding that IPs are unassigned > elsewhere, have you performed basic reachability tests? Your case > could be one of the below > > 1. That IP cou

Re: DDOS Attacks from my virtual Router

2024-03-11 Thread Granwille Strauss
From: Granwille Strauss Sent: Friday, February 9, 2024 1:40:05 pm To: users@cloudstack.apache.org Cc: Jayanth Reddy ; Wei ZHOU Subject: Re: DDOS Attacks from my virtual Router I run version 4.18.1.0  currently, oddly there was an update for dnsmasq so I applied them to all systemvms. I c

Re: DDOS Attacks from my virtual Router

2024-03-11 Thread Wei ZHOU
I remember it as well. The issue should have been fixed many years ago.
see https://github.com/apache/cloudstack/pull/1663
-Wei
On Mon, Mar 11, 2024 at 11:09 AM Nux wrote:
>
> I have seen this in the past where port 53 was open on these public IPs
> on the VR and was indeed leading to amplificat

Re: DDOS Attacks from my virtual Router

2024-03-11 Thread Nux
se check your events. Get Outlook for Android<https://aka.ms/AAb9ysg> From: Granwille Strauss Sent: Friday, February 9, 2024 1:40:05 pm To: users@cloudstack.apache.org Cc: Jayanth Reddy ; Wei ZHOU Subject: Re: DDOS A

Re: DDOS Attacks from my virtual Router

2024-03-11 Thread Granwille Strauss
Hi Wei Thank you for the provided script, the stats it shows, is it from initial VM creation date or from the time the server was rebooted? On 3/11/24 09:57, Wei ZHOU wrote: In my opinion, one of your VMs is compromised. If you are able to access the hosts, you can check the statistics of th

AW: DDOS Attacks from my virtual Router

2024-03-11 Thread me
. March 2024 08:58 To: Granwille Strauss Cc: users@cloudstack.apache.org Subject: Re: DDOS Attacks from my virtual Router In my opinion, one of your VMs is compromised. If you are able to access the hosts, you can check the statistics of the virtual nics of the VMs in the network. vmname=i-xx-yyy

Re: DDOS Attacks from my virtual Router

2024-03-11 Thread Wei ZHOU
In my opinion, one of your VMs is compromised. If you are able to access the hosts, you can check the statistics of the virtual nics of the VMs in the network.
vmname=i-xx-yyy-VM
nics=$(virsh domiflist $vmname |awk '{print $1}' |grep vnet)
for nic in $nics;do virsh domifstat $vmname $nic |grep

Re: DDOS Attacks from my virtual Router

2024-03-11 Thread Granwille Strauss
___ From: Granwille Strauss Sent: Friday, February 9, 2024 1:40:05 pm To:users@cloudstack.apache.org Cc: Jayanth Reddy ; Wei ZHOU Subject: Re: DDOS Attacks from my virtual Router I run version 4.18.1.0 currently, oddly there was an update for dnsmasq so I applied them to all s

Re: DDOS Attacks from my virtual Router

2024-02-12 Thread Wei ZHOU
g> > > > From: Granwille Strauss > Sent: Friday, February 9, 2024 1:40:05 pm > To: users@cloudstack.apache.org > > Cc: Jayanth Reddy ; > Wei ZHOU > Subject: Re: DDOS Attacks from my virtual Router > > > I run versio

Re: DDOS Attacks from my virtual Router

2024-02-12 Thread Jayanth Babu A
Reddy Sent from Outlook for Android<https://aka.ms/AAb9ysg> From: Granwille Strauss Sent: Tuesday, February 13, 2024 12:48:46 am To: users@cloudstack.apache.org Cc: Jayanth Reddy ; Wei ZHOU Subject: Re: DDOS Attacks from my virtual Router Update: So

Re: DDOS Attacks from my virtual Router

2024-02-12 Thread Granwille Strauss
roid<https://aka.ms/AAb9ysg> From: Granwille Strauss Sent: Friday, February 9, 2024 1:40:05 pm To:users@cloudstack.apache.org Cc: Jayanth Reddy; Wei ZHOU Subject: Re: DDOS Attacks from my virtual Router I run version 4.18.1.0 currently, oddly there was an update

Re: DDOS Attacks from my virtual Router

2024-02-09 Thread Jayanth Reddy
Sent: Friday, February 9, 2024 11:38:13 am To: users@cloudstack.apache.org

Re: DDOS Attacks from my virtual Router

2024-02-08 Thread Jayanth Reddy
ision them again. Thanks Get Outlook for Android<https://aka.ms/AAb9ysg> From: Granwille Strauss Sent: Friday, February 9, 2024 1:10:32 pm To: users@cloudstack.apache.org Cc: Wei ZHOU ; jayanthreddy5...@gmail.com Subject: Re: DDOS Attacks from my virtual

Re: DDOS Attacks from my virtual Router

2024-02-08 Thread Wei ZHOU
/AAb9ysg> <https://aka.ms/AAb9ysg> > > > From: Granwille Strauss > > Sent: Friday, February 9, 2024 11:38:13 am > To: users@cloudstack.apache.org > > Subject: DDOS Attacks from my virtual Router > > > Hei > > My DC

Re: DDOS Attacks from my virtual Router

2024-02-08 Thread Granwille Strauss
ebruary 9, 2024 11:38:13 am To:users@cloudstack.apache.org Subject: DDOS Attacks from my virtual Router Hei My DC has just sent me notice that two of my IP addresses from the allocated subnets are responsible for amplifying DDOS attacks. One out of the two is my virtual router IP address. I was advis

Re: DDOS Attacks from my virtual Router

2024-02-08 Thread Wei ZHOU
IP. Happens.. > > Is it safe for me to assume your zone is "Advanced"? > > > Thanks > Jayanth Reddy > > Get Outlook for Android<https://aka.ms/AAb9ysg> > > > From: Granwille Strauss > Sent: Friday, February 9, 2024

Re: DDOS Attacks from my virtual Router

2024-02-08 Thread Jayanth Reddy
for me to assume your zone is "Advanced"? Thanks Jayanth Reddy Get Outlook for Android<https://aka.ms/AAb9ysg> From: Granwille Strauss Sent: Friday, February 9, 2024 11:38:13 am To: users@cloudstack.apache.org Subject: DDOS Attacks from my virtual Ro

Re: DDOS Attacks from my virtual Router

2024-02-08 Thread Granwille Strauss
I found this: https://cloudstack.apache.org/blog/dnsmasq-vulnerabilities-advisory-for-cloudstack/ and applied the recommended steps to all my SVMs, whether this will work or not I am not sure. Do you guys maybe know of anything else that can be done? What are the implications of blocking port 5

DDOS Attacks from my virtual Router

2024-02-08 Thread Granwille Strauss
Hei My DC has just sent me notice that two of my IP addresses from the allocated subnets are responsible for amplifying DDOS attacks. One out of the two is my virtual router IP address. I was advised to firewall port 53 or deactivate recursive functions. Can you perhaps provide some insight