弱點在那兒 ?
2020/03/28 爆出這一個月以來最大量流量
結果查的結果是NTP 攻擊
很難想像, 數量有多少.
NTP Amplification REQ_MON_GETLIST Request Found |
36343 |
This alert indicates that there is a REQ_MON_GETLIST_1 request on NTP. If this event happened many times within a short period of time, it could indicate that someone is trying to brute force and cause DOS on the NTP server. |
dos |
6.1.0 |
informational |
allow |
CVE-2013-5211 |
421 (2014-02-25 UTC) |
599 (2016-07-20 UTC) |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211, https://www.us-cert.gov/ncas/alerts/TA14-013A |
released |
NTP Amplification Denial-Of-Service Attack |
40038 |
This event indicates that someone is using a brute force attack to perform DOS attack to a NTP server. It is leverage CVE-2013-5211, which is the monlist feature vulnerability of NTP. |
brute-force |
6.1.0 |
low |
alert |
CVE-2013-5211 |
421 (2014-02-25 UTC) |
599 (2016-07-20 UTC) |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211, https://www.us-cert.gov/ncas/alerts/TA14-013A |
released |
尖峰時段
半小時 73.809k 次攻擊
73.809 x 1000 / 30 / 60 = 41次/sec
一秒鐘大概 41次
從PRTG上看, 對總量影響不大, 但是對客戶上網就會變慢
搞不懂這樣攻擊的目的是什麼 ?
沒有留言:
張貼留言