
Stopping UDP Attack

I am now getting support emails from OVH that there is unusual activity on my server.

This is a simple server that I have RDP connections to for students to access QuickBooks, Excel, and Word. There is nothing else on the server, and I have group policies set so that they have almost no access to anything, including the internet, files, etc ...

The below is the message I am getting from OVH ... I have blocked all UDP outbound in the Windows firewall and the computer configuration ... I am not an expert in this area ... will this stop the unusual behavior?

Attack detail : 4Kpps/53Mbps
dateTime srcIp:srcPort dstIp:dstPort protocol flags packets bytes reason
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:15800 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:703 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 201.71.201.195:41519 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:19103 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 72.204.176.88:8080 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:11396 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 24.217.44.95:80 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 72.204.176.88:8080 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:32431 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:48208 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:7814 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 201.71.202.157:61154 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 87.123.195.143:443 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:22084 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:34101 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:32807 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:60109 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:38144 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:27707 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:28195 UDP --- 16384 24870912 ATTACK:UDP

Your server is being used in an LDAP amplification DDoS attack (port 389).

Make sure your LDAP server is not publicly accessible!

I googled how to stop an LDAP amplification attack and it seemed simple ... disable the Active Directory Domain Controller - LDAP (UDP-In) inbound firewall rule and also the Active Directory Domain Controller - LDAP (TCP-In) and Active Directory Domain Controller - Secure LDAP (TCP-In) rules ... Is that it? Thanks
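An added example (not from anyone in this thread) of how to verify the exposure the answer describes and then scope the inbound rules named above, run from an elevated PowerShell session on the Windows server. It assumes the built-in Active Directory Domain Controller rule names are present, and uses the firewall's own LocalSubnet address keyword rather than a hard-coded range.

```powershell
# 1. Is the host answering LDAP on UDP 389 at all? An internet-reachable
#    UDP 389 listener is what lets spoofed queries be reflected at victims
#    (the notice shows source port 389 toward many destinations).
Get-NetUDPEndpoint -LocalPort 389 |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 2. List the built-in LDAP rules and the remote addresses they admit.
#    "Any" means the whole internet can query the directory service.
$ldapRules = Get-NetFirewallRule -DisplayName 'Active Directory Domain Controller - *LDAP*'
foreach ($rule in $ldapRules) {
    $addr = $rule | Get-NetFirewallAddressFilter
    '{0}: Enabled={1} RemoteAddress={2}' -f $rule.DisplayName, $rule.Enabled, ($addr.RemoteAddress -join ',')
}

# 3. Fix the inbound side. Blocking outbound UDP does not help here: the
#    amplified traffic consists of replies to inbound queries the firewall
#    already allowed, and those replies are permitted as part of that flow.
#    The UDP rule is the one that enables reflection; the TCP rules cannot
#    be spoofed for amplification but should not face the internet either.
#    Option A: nothing outside the LAN needs LDAP, so restrict all three rules
#    to the local subnet (domain members on the LAN keep working).
$ldapRules | Set-NetFirewallRule -RemoteAddress 'LocalSubnet'

#    Option B: no other machine needs LDAP from this box, so disable the
#    rules outright (loopback traffic is not filtered, so local AD still works).
# $ldapRules | Disable-NetFirewallRule

# 4. Re-check the result: RemoteAddress should now read LocalSubnet (or the
#    rules should show Enabled=False), and the UDP 389 listener is no longer
#    reachable from outside the subnet.
foreach ($rule in $ldapRules) {
    $addr = $rule | Get-NetFirewallAddressFilter
    '{0}: Enabled={1} RemoteAddress={2}' -f $rule.DisplayName, $rule.Enabled, ($addr.RemoteAddress -join ',')
}
```

After applying either option, confirm from a host outside the subnet that UDP 389 no longer responds; OVH's notices should stop once the reflected traffic does.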

