Commit 136aaffb authored by Tobias Fiebig

updated changelog; added incident report

parent 19789262
Branches master
......@@ -11,6 +11,10 @@ New entries go to the top of the 'Changes' section and have the following form:
```
# Changes
## Wed Jan 12 11:29:35 UTC 2022
- *Change by:* Tobias Fiebig
- *Description:* Additional firewall rules to prevent bogons from reaching the Internet after Hetzner issued AbuseID:9D18EC:1B, see [report](reports/1641987055.md).
## Thu Jan 6 22:42:45 UTC 2022
- *Change by:* Tobias Fiebig
- *Description:*
......
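Review bot: The new changelog description says the rules keep "bogons" from reaching the Internet, but the rule this commit adds lists only three private destination ranges (10.0.0.0/8, 192.168.0.0/24, 172.16.0.0/12). Suggest describing the change as blocking outbound traffic to private (RFC 1918) destinations, or extending the rule if other bogon ranges are meant to be covered, so the changelog matches what the firewall actually does.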
# Abuse Message [AbuseID:9D18EC:1B]: PortscanOutLevel: Portscan detected from 168.119.67.118
## Description
Around Wed Jan 12 02:55:21 2022, Hetzner recorded outbound traffic from vcr000
to rfc1918 addresses. Hetzner suspects an attack.
## Resolution
An investigation revealed that this was related to Hetzner forwarding inbound
traffic with src addr in 10.0.0.0/8 and our servers reacted benign. To mitigate
this in the future, additional outbound firewall rules were added:
```
domain (ip) {
table filter chain OUTPUT {
outerface enp196s0 daddr (10.0.0.0/8 192.168.0.0/24 172.16.0.0/12) REJECT;
}
}
```
Documentation has been adjusted and Hetzner informed.
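Review bot: In the rule quoted under Resolution, `192.168.0.0/24` covers only 192.168.0.0 through 192.168.0.255, while the RFC 1918 block is 192.168.0.0/16. The Description speaks of traffic to rfc1918 addresses in general, so replies to a spoofed source elsewhere in 192.168.0.0/16 would still leave on enp196s0 and could trigger the same abuse report. Suggest `192.168.0.0/16` unless the narrower prefix is intentional, in which case the report should say why. It would also help to state in one sentence what "reacted benign" means here (for example, which kind of reply the servers sent), since that is what Hetzner's detection saw.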
......@@ -87,6 +87,12 @@ domain (ip) {
}
}
domain (ip) {
table filter chain OUTPUT {
outerface enp196s0 daddr (10.0.0.0/8 192.168.0.0/24 172.16.0.0/12) REJECT;
}
}
```
# Install BBB
......
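Review bot: The added OUTPUT chain is placed in a second `domain (ip)` block directly after an existing one and carries no comment explaining its purpose. Suggest adding a one-line comment above it that points to reports/1641987055.md, and noting that `enp196s0` is the external interface on this host so readers following the documentation on other hardware know to substitute their own. The `192.168.0.0/24` entry here should be kept identical to whatever prefix is settled on for the copy of the rule in the report.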