Example of an SNMP DDoS:
[bash]
root@svr29 [~]# tail -f /var/log/messages | grep "Connection from UDP"
Nov 11 10:42:47 svr29 snmpd[28113]: Connection from UDP: [201.229.x.x]:1025
Nov 11 10:42:50 svr29 snmpd[28113]: Connection from UDP: [201.229.x.x]:1025
Nov 11 10:42:53 svr29 snmpd[28113]: Connection from UDP: [24.201.x.x]:1025
Nov 11 10:42:53 svr29 snmpd[28113]: Connection from UDP: [24.201.x.x]:1025
Nov 11 10:43:31 svr29 snmpd[28113]: Connection from UDP: [103.x.x.x]:45655
Nov 11 10:44:34 svr29 snmpd[28113]: Connection from UDP: [103.x.x.x]:41150
[/bash]
Block the IPs with CSF Firewall
[bash]
root@svr29 [~]# csf -d 201.229.x.x
root@svr29 [~]# csf -d 24.201.x.x
[/bash]
After that, make sure only the IP of the monitoring server connects to snmp
[bash]
root@svr29 [~]# tail -f /var/log/messages | grep "Connection from UDP"
Nov 11 10:44:34 svr29 snmpd[28113]: Connection from UDP: [103.x.x.x]:40872
Nov 11 10:44:34 svr29 snmpd[28113]: Connection from UDP: [103.x.x.x]:55844
Nov 11 10:44:34 svr29 snmpd[28113]: Connection from UDP: [103.x.x.x]:41199
[/bash]
*Update
There is a way to allow only certain IPs to access snmp using /etc/hosts.allow. A firewall is not needed.
Example setting in /etc/hosts.allow
[bash]
.
.
#snmpd
snmpd : 103.x.x.x : allow
snmpd : ALL : deny
[/bash]
The log that appears once this setting is in place:
[bash]
Nov 15 11:19:05 svr29 snmpd[14384]: Connection from UDP: [142.167.x.x]:8699 REFUSED
Nov 15 11:19:06 svr29 snmpd[14384]: Connection from UDP: [142.167.x.x]:19461 REFUSED
Nov 15 11:19:08 svr29 snmpd[14384]: Connection from UDP: [142.167.x.x]:8920 REFUSED
Nov 15 11:19:09 svr29 snmpd[14384]: Connection from UDP: [142.167.x.x]:41155 REFUSED
[/bash]
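Both log checks above (picking out repeat sources to hand to `csf -d`, and confirming that non-monitoring peers show up as REFUSED after the hosts.allow change) can be scripted. This is an added example, not code from the original post; it assumes a monitoring host of 203.0.113.10, a threshold of three connections, and constructed log lines with placeholder addresses.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# snmpd log format from the post; tcp_wrappers appends " REFUSED" when hosts.allow denies a peer.
LINE_RE = re.compile(
    r"snmpd\[\d+\]: Connection from UDP: \[(?P<ip>[^\]]+)\]:(?P<port>\d+)(?P<refused> REFUSED)?"
)

# Monitoring hosts allowed to poll SNMP (assumed; RFC 5737 documentation addresses).
ALLOWED = [ip_network("203.0.113.10/32")]

def parse_snmpd_lines(lines):
    """Return (source_ip, source_port, refused) for every 'Connection from UDP' line."""
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            hits.append((m.group("ip"), int(m.group("port")), m.group("refused") is not None))
    return hits

def is_allowed(ip):
    addr = ip_address(ip)
    return any(addr in net for net in ALLOWED)

def suspicious_sources(lines, threshold=3):
    """Count accepted (not REFUSED) connections from peers outside ALLOWED and
    return {ip: count} for those at or above threshold."""
    counts = Counter()
    for ip, _port, refused in parse_snmpd_lines(lines):
        if not refused and not is_allowed(ip):
            counts[ip] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

def csf_deny_commands(lines, threshold=3):
    """Render the 'csf -d <ip>' commands from the post for each flagged source."""
    return [f"csf -d {ip}" for ip in sorted(suspicious_sources(lines, threshold))]

# Constructed sample in the post's format (placeholder addresses, not real hosts).
SAMPLE_LOG = [
    "Nov 11 10:42:47 svr29 snmpd[28113]: Connection from UDP: [192.0.2.5]:1025",
    "Nov 11 10:42:50 svr29 snmpd[28113]: Connection from UDP: [192.0.2.5]:1025",
    "Nov 11 10:42:53 svr29 snmpd[28113]: Connection from UDP: [198.51.100.7]:1025",
    "Nov 11 10:42:53 svr29 snmpd[28113]: Connection from UDP: [198.51.100.7]:1025",
    "Nov 11 10:42:55 svr29 snmpd[28113]: Connection from UDP: [192.0.2.5]:1025",
    "Nov 11 10:43:31 svr29 snmpd[28113]: Connection from UDP: [203.0.113.10]:45655",
    "Nov 11 10:44:34 svr29 snmpd[28113]: Connection from UDP: [203.0.113.10]:41150",
    "Nov 15 11:19:05 svr29 snmpd[14384]: Connection from UDP: [192.0.2.9]:8699 REFUSED",
    "Nov 15 11:19:06 svr29 snmpd[14384]: Connection from UDP: [192.0.2.9]:19461 REFUSED",
    "Nov 15 11:19:07 svr29 sshd[1000]: Accepted publickey for root from 203.0.113.10",
]
```

Feed it `tail -n 1000 /var/log/messages` instead of SAMPLE_LOG to get the deny commands for the current log; REFUSED lines are skipped because hosts.allow already handled them.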
*This article is a translation.