[Atlas-anchors-pilot] iDRAC cards are potential DDoS amplifiers

Nick Hilliard nick at inex.ie
Mon Apr 1 14:46:55 CEST 2013


On 01/04/2013 11:35, Tore Anderson wrote:
> Following the recent attacks on Spamhaus, our security guys did some
> scanning of our address space to look for potential DDoS amplifiers in
> our network. One of the things they found was the iDRAC port of
> no-osl-as39029, which happily responds to any SNMP v1/v2c queries using
> the "public" community.
> 
> I don't see any evidence of it having been abused for DDoS purposes in
> my bandwidth graphs to date, but still, this should be closed down. That
> probably goes for all the anchor boxes, not just ours.

Our Atlas iDRAC config is firewalled off and only the RIPE NCC address
range has access. Just checked it out for community public and it doesn't
answer.

Nick
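
The check described in this thread (does a management interface answer SNMP v1/v2c queries for community "public"?), as an added example that is not part of the original messages. The function names are hypothetical, the probe asks only for sysDescr.0 over IPv4, and it is meant for auditing your own address space.

```python
import socket

SYS_DESCR = bytes.fromhex("2b06010201010100")  # OID 1.3.6.1.2.1.1.1.0 (sysDescr.0)

def tlv(tag, value):
    # BER tag-length-value, short-form length (every request field is < 128 bytes)
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def build_get(community, version=1, request_id=1):
    """GetRequest for sysDescr.0. version: 0 = SNMPv1, 1 = SNMPv2c."""
    assert 0 <= request_id < 128
    varbind = tlv(0x30, tlv(0x06, SYS_DESCR) + tlv(0x05, b""))
    pdu = tlv(0xA0, tlv(0x02, bytes([request_id]))  # request-id
                    + tlv(0x02, b"\x00")             # error-status
                    + tlv(0x02, b"\x00")             # error-index
                    + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, bytes([version]))
                     + tlv(0x04, community.encode()) + pdu)

def read_tlv(buf, pos):
    # Returns (tag, value, next_pos); handles long-form lengths in replies
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def is_snmp_response(data, community):
    """True if data is an SNMP message carrying this community and a GetResponse PDU."""
    try:
        tag, body, _ = read_tlv(data, 0)
        _, _, pos = read_tlv(body, 0)               # skip version
        ctag, comm, pos = read_tlv(body, pos)
        return (tag == 0x30 and ctag == 0x04
                and comm == community.encode() and body[pos] == 0xA2)
    except IndexError:
        return False

def answers(host, community="public", timeout=2.0, port=161):
    """Send one v1 and one v2c GET; True if either gets a GetResponse."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for version in (0, 1):
            try:
                s.sendto(build_get(community, version), (host, port))
                data, _ = s.recvfrom(65535)
            except OSError:                          # timeout or ICMP error: no answer
                continue
            if is_snmp_response(data, community):
                return True
    return False
```

Run answers() from a source address outside the permitted range: False there corresponds to the "doesn't answer" result above, while a False obtained from inside the allowed range says nothing about the firewall.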



