API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 19th, 2017
2,330
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 15.87 KB | None | 0 0
raw download clone embed print report
  1. Received: from DB5EUR03HT247.eop-EUR03.prod.protection.outlook.com
  2. (2603:10a6:6:2e::14) by DB4PR06MB585.eurprd06.prod.outlook.com with HTTPS via
  3. DB6P189CA0001.EURP189.PROD.OUTLOOK.COM; Sat, 17 Jun 2017 13:01:52 +0000
  4. Received: from DB5EUR03FT006.eop-EUR03.prod.protection.outlook.com
  5. (10.152.20.59) by DB5EUR03HT247.eop-EUR03.prod.protection.outlook.com
  6. (10.152.21.202) with Microsoft SMTP Server (version=TLS1_2,
  7. cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.1157.12; Sat, 17
  8. Jun 2017 13:01:51 +0000
  9. Authentication-Results: spf=pass (sender IP is 213.133.106.242)
  10. smtp.mailfrom=hetzner.de; hotmail.com; dkim=none (message not signed)
  11. header.d=none;hotmail.com; dmarc=bestguesspass action=none
  12. header.from=hetzner.de;
  13. Received-SPF: Pass (protection.outlook.com: domain of hetzner.de designates
  14. 213.133.106.242 as permitted sender) receiver=protection.outlook.com;
  15. client-ip=213.133.106.242; helo= mail.hetzner.company;
  16. Received: from BAY004-MC5F19.hotmail.com (10.152.20.59) by
  17. DB5EUR03FT006.mail.protection.outlook.com (10.152.20.106) with Microsoft SMTP
  18. Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
  19. 15.1.1157.12 via Frontend Transport; Sat, 17 Jun 2017 13:01:50 +0000
  20. X-IncomingTopHeaderMarker: OriginalChecksum:F2C2B314FA45374948D4C84EC967243A55895856E4B95866F67A47E41D3B33EF;UpperCasedChecksum:40517CD64448FF2011DEFC0D8C79CAEFDFEEC4586B5C79FF6816F2AB92539A70;SizeAsReceived:1273;Count:17
  21. Received: from mail.hetzner.company ([213.133.106.242]) by BAY004-MC5F19.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143);
  22. Sat, 17 Jun 2017 06:01:47 -0700
  23. Received: from [188.40.24.70] (helo=abuse.your-server.de)
  24. by mail.hetzner.company with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
  25. (Exim 4.80)
  26. (envelope-from <abuse@hetzner.de>)
  27. id 1dMDM8-0005jn-G9
  28. for keko950@hotmail.com; Sat, 17 Jun 2017 15:01:36 +0200
  29. Received: from localhost.localdomain (localhost [127.0.0.1])
  30. by abuse.your-server.de (Postfix) with ESMTPS id 684DF30071B
  31. for <keko950@hotmail.com>; Sat, 17 Jun 2017 15:01:26 +0200 (CEST)
  32. Date: Sat, 17 Jun 2017 15:01:26 +0200
  33. From: <abuse@hetzner.de>
  34. Reply-To: <abuse@hetzner.de>
  35. To: <keko950@hotmail.com>
  36. Message-ID: <594528266648d_20e92cc25d445592fc@abuse.your-server.de.mail>
  37. Subject: Abuse Message [AbuseID:351033:24]: AbuseBSI:
  38. [CB-Report#20170617-45385176] Offene NetBIOS-Namensdienste in AS24940
  39. Content-Type: text/plain; charset="UTF-8"
  40. Content-Transfer-Encoding: 7bit
  41. X-Hetzner-AbuseID: 351033:24
  42. Charset: UTF-8
  43. X-Authenticated-Sender: abuse-queue@hetzner.de
  44. Return-Path: abuse@hetzner.de
  45. X-OriginalArrivalTime: 17 Jun 2017 13:01:47.0327 (UTC) FILETIME=[E09F14F0:01D2E769]
  46. X-IncomingHeaderCount: 17
  47. X-MS-Exchange-Organization-Network-Message-Id: 5b48f80a-b762-442d-cd46-08d4b5810573
  48. X-EOPAttributedMessage: 0
  49. X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
  50. X-MS-Exchange-Organization-MessageDirectionality: Incoming
  51. CMM-sender-ip: 213.133.106.242
  52. CMM-sending-ip: 213.133.106.242
  53. CMM-Authentication-Results: hotmail.com; spf=temperror (sender IP is
  54. 213.133.106.242) smtp.mailfrom=abuse@hetzner.de; dkim=none
  55. header.d=hetzner.de; x-hmca=none header.id=abuse@hetzner.de
  56. CMM-X-SID-PRA: abuse@hetzner.de
  57. CMM-X-AUTH-Result: NONE
  58. CMM-X-SID-Result: NONE
  59. CMM-X-Message-Status: n:n
  60. CMM-X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0wO0Q9MTtHRD0xO1NDTD0w
  61. CMM-X-Message-Info: NhFq/7gR1vQRHV6jbdvQflMPFnPx/QUT9d3EY7Fk9VN7Iz51loVyqbw6JW1pdsTYrdrEavtFNGvoHn3lbY6nmqJwwsZaQjRk8R0MsQ2J1HMXeMvXoJgbeqer+4as0MdB+7pQ/a4SawWwoGThOjhzXLiGK7HDe/jB28ea9doG1ymGJmE+EczlN8e1NSOjET+r3DaHG3ZdYND75T8cca/c9+RbzZ4h3GpP/hovhN3mYFuJ/rTA21Bmey5GiWcAitkL
  62. X-MS-Exchange-Organization-PCL: 2
  63. X-Microsoft-Exchange-Diagnostics: 1;DB5EUR03FT006;1:LqXZ8YA9PkDt8ZCUvuesBkmjYIornNYM/WCup98Ep7dxt7s2P2nowRXPAhd8OWUuyKvCguBSBDS1Nl0UQYtzwNjx9nWHhLUa+mhy/pLtDas7rezOKwwS+84/I5e++/mk8sMWA1bwyDbFCokMTVUKU1TVFmgaJdvcgyr+Ua6B6vtXlkT0WPEyXO8KcVOG2RmtIOnXNrCDvgKpuiO2ESZrnM1p7ZcRPtCFiemPUvc8rpm3kMKyIDprLiJ1qh4cR1lNoLpEBOYBfRYls6AgltSIpg==
  64. X-Forefront-Antispam-Report: EFV:NLI;SFV:NSPM;SFS:(98901004);DIR:INB;SFP:;SCL:1;SRVR:DB5EUR03HT247;H:BAY004-MC5F19.hotmail.com;FPR:;SPF:None;LANG:en;
  65. X-MS-Exchange-Organization-AuthSource: DB5EUR03FT006.eop-EUR03.prod.protection.outlook.com
  66. X-MS-Exchange-Organization-AuthAs: Anonymous
  67. X-MS-PublicTrafficType: Email
  68. X-MS-TrafficTypeDiagnostic: DB5EUR03HT247:
  69. X-MS-Office365-Filtering-Correlation-Id: 5b48f80a-b762-442d-cd46-08d4b5810573
  70. X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(23075)(22001)(8291501071);SRVR:DB5EUR03HT247;
  71. X-Microsoft-Exchange-Diagnostics: 1;DB5EUR03HT247;3:/LTAmThSTIiKkyBkugDWd22ZvHeyDGhoyk+4hBlRNTR2n6Kusain1KTte687/LpEOIDhcMq07ee4mlhaVTvBUePzPHaYEB8ypejz3k0Q1ZO1DECsmQzW/9VWkuPkEcm5ZprjqS1yF3//CJmCV2SLrsfnmCthhY9yu3h+zsk9WfMieLPPczUNMrVSjM67XHK9j7ehuONz5PfuHacS51hSP3iCdeceKeDnTHLLT5zwW2+C5LWiaWFoFmK3ics6nMjnuRQyK4B8VnMEci39nxFHBctoPXYmnEvRUIWeK1DO978XJuyPH/L/aSGPU2f/HE6qFICLNGSTkWIjR7n71l0dlpVQo4jOCzWOQ1+89nw4imQgpL8VDuFBr2Z4aM/tQKoq;25:zcdvLHffbI80u9B+G2HHpVWnx/Xjahs7HZr3bG1V/oO3JZTwmL9hWosXoDuNWSnPgVqJhOAg5wiaDttlW9eeHSHiuhf15JVEXxBsZpDlCoZ3bE9vcuR41EHvxPaT3IcbbwA/d3KyHRlc5N0xjtLf9HwsU6dubBAOlPLDUVXYqhC7nClAChyD8BpXNNMdYmK2hQaVvk3dAI+98OuUHMfnpXpgWE+bWFBfxNqV7SZf6rN+4nKop9WcXZ1BwqrBgXQ6E0rzbaJiUSqlWcv8ZJrXr+t/D2TnYK0Bd+YWHloU8/rozKYkDJKbvWLydhkjcQYTe6OR1fjPzIeQHvdkAS+TWBcXXrn0s3NLVcNTuk6xbGazTe+oZrhS+x9wkdDsoZgaA7ZUz8w1+uI4bXI4TaEMaOXabQP8J3aL4WCwtuRjbna71kCCnHYfpLmFQSXyLK7z7ytdi9GQeB+GkdZCRTi5AHp31teHu77hJH+JmxLYOuQ=
  72. X-MS-Exchange-Organization-AVStamp-Service: 1.0
  73. X-Microsoft-Exchange-Diagnostics: 1;DB5EUR03HT247;31:8rz3h+sB3Ptjv2AAp8wqr2e5YUpwZS30pE94vbcQo6jvSJcW9ZwBfPAZlfLm3LxmJIUDdRsBgS5Zi6IbuQah+09qDtnbWsOPcVokVq28PD4XFOE3Yh+x6OfvQbmsUanLpg7ZXK7q9r8oTNPTgrIcFs+FrS4H+/EPk7J9zyl9tH8N/5LW77tPajHGrobFOT2ez4dUw+MuJY0aSOccBnIUdqF2qiKgDHDobNh6u5q10tYyOzasJUFgWxPkxA+ZFWEZyOPDK+8l/OUvJ3bqjxNq537h8Tnj+Dh8eGIcStzoM7WaQqfRqpqWW1fdZUTR0bKh;4:rZvpBQ5txJYWYvjd04pLd95He2/ZwOTbm0w2s5kD5sD9xWjbGzcgmkfLn34Bq13KSZyNVEsnG1uXhiOAJ7WUO+ZXqSk5ZFtQDWW8WS6BC6QbmqIBiw1+ZaPha/T5kZwqh4Ih4pwvnek1pewv57jbduHPlsWMSyYt7TTkeo4IpiuBAmz/eI32gRyau4VqPxOkFqsQPLZB9U43Y9uswW6tIL8azsKcxT1Kknes5mUT5O9FA7TVf3VMAXrNF/EQ5LoxKsImptPkUtXtTsygTb4gkX6af9ZGixIhaFW7HaGtPzcYlXG385A7x/+jZbiLxtFg3fyF/ZWZIY9HhcZDLB6sqMUK5Gja6I5wUCNmou0qZX4crfZuCT0e5/xE/4GJ9+5gaETWVbZMtI3/XWnwAgpl64fRILkii+tDm6naGYjHUR0MYyKDial2+BUHaphVNdK0/qWGZmedNShf3+95FMxnZLuEo+1fOQz987AkrxddXgZpUHplhyaFntfRcIXXhfyItW2pZWKpDJqncNDCzak31aPsFUcAyVg05E034ctyAA5QOvksv+xGpVAI2YukxsVZ
  74. X-Exchange-Antispam-Report-Test: UriScan:(20558992708506)(192374486261705);
  75. X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(444111536)(595095)(82015058);SRVR:DB5EUR03HT247;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:DB5EUR03HT247;
  76. X-MS-Exchange-Organization-SCL: 1
  77. X-Microsoft-Exchange-Diagnostics: 1;DB5EUR03HT247;23:V/JS6hCAD7WxJBbzjcQvB+D1Wyzaw2Ulr1LTooVNa37Wg+NUe2Xl3gQ2VFWN+xlw2Cbp2kpobtA1HYmhOol7d7Gt8IKT29kgwKpALaLF4m+DaY0fJgoEtI3cPYq1P8QnPj4YuJ8r9DqsXoVO1HvOodzysIhO997UICM6LisWX7c=
  78. X-Microsoft-Exchange-Diagnostics: 1;DB5EUR03HT247;6:cAaX8D7cRxeAi8R1NAs+4UmsDw84W0WUCx13Km0EZjhxhnzPmWSBq2FEeOJP/LKiwZiAx90VWxQvRkjhJ95Pq5hd9zb6YXkgxsOOwIM2vK8tc7hvvLrxjKQae8uY26mDEFpzTswvdUGxBOjM8NQjudN0Rl0Z/J9OOHnZAIjx2oJsevbCMoFJJow3D7cdhuyTo5P6QY2VtcPU8/yLfoj+p/D1RAPidO/0g3Y1qz0l0Z4/2+k8BbjTltc0mlnQ80qWoZwoSeLrixN6JSTaUn0NHbv/mRRuX5Aq8CTw2nDBzboUyK+/yKFCC076w9LQ6dQAV+T1kQIEROs/2p6S1mLI14CCZR97bYLuKf1aHZoZ4riEn1vzHmoogZ7i7SbCEARKCPfXnblp3l31FI6sxvXVsFpiTUQaWR+XEJBAJNn8+4cTAv7EYGKBIAqLzgc2ycAVAnAgY+xrOvWaTCmkmEXpv88pke6OQXZ6d9OI+ttE2J0uiUaP4Y71UTOpxjwySeO+LyWSTelNupeA8u6G0tn8ZjDqunnkAfTEpVh5wtTsHAEZQrinQeEYO5YeHZEpBcz3Jr+tHn5BRo9fU32Uu9Nne2NCltVX7k18PFf6ZuzECza4U+GLSUlksF4aJN/hsetBkVz3grvBf5dwlLOABsWVYi03rvGSxKM6Jof52xXTXtfL/rb9o9Ci7tRXUSxU6MqvwDBXqI5Y4s69NMW7y+iC0vLb19JTkRMMNb6IyJGCVZ+8kj+qiy7HX/eu5719WaQFKvH6NG65C676he5iYOW+9TEJY85xjNqfD33lX8gHo8V2PQqgAYIKA5y/mK1HkrYyqRxn3xpYZmu0Xa4mYzyVtkS/htCfwcmScsP9cKDS4Z8=
  79. X-Microsoft-Exchange-Diagnostics: 1;DB5EUR03HT247;5:S+FKI25asR5tOs5yaHOghV9m+GsTthYbh+EUA6HoN4iSn6TnSUOVlT3oGfDLeS5bcW1Ykj6Zhz2P8/7sgZajdlsVxTEAMGKbYqx0Uvf1MRWDB6868fOzJx4RfTZpaP9T43/Sy166JfsqWVVq4wiNJ4YNchnovsNJv7nJl2R6bVDnLvM7o3X5K79iYK51X5BkfivqUq8/VIuJAN8Q9oMK9yH5O0VYL7OVqTT/Yuyzne+I50gYvWELMdYkyp99H55WfhS35+7A6qVdhzqlmppNmCXwZjJg+Zmpdf6wQdUnJeZNy+li5PqAHLazlbkz7AoMQ2HabsR5CgQSobd5/TA78HViQZqZmIfNneBGL04ZNhAE+/POCHpk421qSx9ewRSrOAIifPp/K4jA+FyLMTr7Bzdm4ar0MRdPD2wvii9Fp/BBr4M8AloMMsaR39NwFBFyrKow8PQm82URXij/NmKBlQwLZEXFAY2i9q3d+SRItXUHqYjOhvbNrWHrb81fY4zn;24:EJPyW9XOd0fBmV56nRvFmZHA1lXp7QRY32LoMScPCIrcy7JvvWdge3rBsoDA+tD5HognStrptFSE7noB+LfmkGUlypnGBZ0b6INKpFlEZMw=
  80. SpamDiagnosticOutput: 1:99
  81. SpamDiagnosticMetadata: NSPM
  82. X-Microsoft-Exchange-Diagnostics: 1;DB5EUR03HT247;7:f2yZF13TpZ2tR/kIpODbNUgGVTn4FubrRWKp8IjhqKoH/GSwCWco2feF5555nOkdYEH1x5UHXnv5x73hQ1SRU2zI3S7prwPpV1Ko14ZDmHhoaqQQClKZqZgdsEPqu0F0cIxHStWKtCuEqbHQegq1wSsO5PQGN12wI0FNkeHVIDlOJZuLnPzPF++H4La2iqMcjbhX9wxcQYIsU+4G5MYEG+dDs+lohw0mCmjXmR4jLwQBCaSDBWJ1BUCFABySiFEl12wQqtiI+487TJjuK6MVh1KikrIC3YVDlcAP+CZxaQpFraxn3scfrwAn/IaKCtuI7fTZmGo2L/Dz2epiHHwPA6JjoXADuThdh9K2XAn0D+4vUoSjOm6wCpgFsKQoFXITb2T23INodXK93E7t2xyIWwRYbkNdBCYhLdnD5J2pvnTQ3IArsOcla2AqD+yk92zQG2pKUufNd6xo9GRIbTfoKHu3HyKECf6QH/5e/XuduFRkLcFL6l0FYX0CT87Uo/eOYyToVNNoVFgO1oPETI44OYS3FTnEVoiFR+iGWU8XnodUHxHLZFzuQqPxaESa2qj7gkiyGBFK3lM6BrjW/91Oj5X/oT1HLsfxsQXAzk9YxGKcv0fyG2u7qo2wMluAoslMndUbfA0QI6uxMfEaucSiEwbS8dMesI0TCtX9AJQuhchVQv3S5XdcsqtAqH7iR/Vf2UAQv2whmjFFM/ARjYDmy+GdXLEoE/azKFZ1dExXsXvTzSsO/W7eFCBMI33jbFA9/tNlANvZPktWYIr0fpTvCo4hvNS09KBheYtEsAJ13Yw=
  83. X-OriginatorOrg: outlook.com
  84. X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Jun 2017 13:01:50.6247
  85. (UTC)
  86. X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
  87. X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
  88. X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5EUR03HT247
  89. X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.4067931
  90. X-Microsoft-Exchange-Diagnostics:
  91. 1;DB4PR06MB585;27:crv3do4OtD751v/bo2gbV3VBxE2n/0FSqEiSW3GNaJz12BvU0fmNHLkWY1MKnpepaZ02abU4w93FhZ9kcdhY5qDLaeFyOwE/ZsZssL+iAEsyaAjqSvClxS5Ny3uNcAwjFP+vdV3uMvyapB0E9Ypx4A==
  92. X-Microsoft-Antispam-Mailbox-Delivery:
  93. abwl:0;wl:0;pcwl:0;kl:0;iwl:0;ijl:0;dwl:0;dkl:0;rwl:0;ex:0;psp:0;auth:0;dest:I;WIMS-SenderIP:213.133.106.242;WIMS-SPF:hetzner%2ede;WIMS-DKIM:hetzner%2ede;WIMS-822:abuse%40hetzner%2ede;WIMS-PRA:abuse%40hetzner%2ede;WIMS-AUTH:NONE;ENG:(5062000180)(5061607266)(5061608170)(4900095)(4950095)(102400140)(400001001128)(400125100095)(400001002128)(400125200095);
  94. MIME-Version: 1.0
  95.  
  96. Dear Mr Gilberto Plaza,
  97.  
  98. We received a security alert from the German Federal Office for Information Security (BSI).
  99. Please see the original report included below for details.
  100.  
  101. Please investigate and solve the reported issue.
  102. It is not required that you reply to either us or the BSI.
  103. If the issue has been fixed successfully, you should not receive any further notifications.
  104.  
  105. Additional information is provided with the HOWTOs referenced in the report.
  106. In case of further questions, please contact certbund@bsi.bund.de and keep the
  107. ticket number of the original report [CB-Report#...] in the subject line.
  108. Do not reply <reports@reports.cert-bund.de> as this is just the sender address for the
  109. reports and messages sent to this address will not be read.
  110.  
  111. Kind regards
  112.  
  113. Abuse team
  114.  
  115. On 17 Jun 10:45, reports@reports.cert-bund.de wrote:
  116. > [English version below]
  117. >
  118. > Sehr geehrte Damen und Herren,
  119. >
  120. > NetBIOS ist eine Programmierschnittstelle zur Kommunikation zwischen
  121. > Programmen ber ein lokales Netzwerk. NetBIOS over TCP/IP ist ein
  122. > Netzwerkprotokoll, das es ermglicht, auf der Programmierschnittstelle
  123. > NetBIOS aufbauende Programme ber das Netzwerkprotokoll TCP/IP zu
  124. > verwenden.
  125. >
  126. > In den letzten Monaten wurden Systeme, welche Anfragen an NetBIOS-
  127. > Namensdienste aus dem Internet beantworten, zunehmend zur Durchfhrung
  128. > von DDoS-Reflection-Angriffen gegen IT-Systeme Dritter missbraucht.
  129. > Der NetBIOS-Namensdienst verwendet Port 137/udp.
  130. >
  131. > Nachfolgend senden wir Ihnen eine Liste betroffener Systeme in Ihrem
  132. > Netzbereich. Der Zeitstempel (Zeitzone UTC) gibt an, wann der offene
  133. > NetBIOS-Namensdienst identifiziert wurde.
  134. >
  135. > Wir mchten Sie bitten, den Sachverhalt zu prfen und Manahmen zur
  136. > Absicherung der NetBIOS-Namensdienste auf den betroffenen Systemen
  137. > zu ergreifen bzw. Ihre Kunden entsprechend zu informieren.
  138. >
  139. > Falls Sie krzlich bereits Gegenmanahmen getroffen haben und diese
  140. > Benachrichtigung erneut erhalten, beachten Sie bitten den angegebenen
  141. > Zeitstempel. Wurde die Gegenmanahme erfolgreich umgesetzt, sollten
  142. > Sie keine Benachrichtigung mit einem Zeitstempel nach der Umsetzung
  143. > mehr erhalten.
  144. >
  145. > Weitere Informationen zu dieser Benachrichtigung, Hinweise zur
  146. > Behebung gemeldeter Sicherheitsprobleme sowie Antworten auf hufig
  147. > gestellte Fragen finden Sie unter:
  148. > <https://reports.cert-bund.de/>
  149. >
  150. > Diese E-Mail ist mittels PGP digital signiert. Informationen zu dem
  151. > verwendeten Schlssel finden Sie unter vorgenannter URL.
  152. >
  153. > Bitte beachten Sie:
  154. > Dies ist eine automatisch generierte Nachricht. Antworten an die
  155. > Absenderadresse <reports@reports.cert-bund.de> werden NICHT gelesen
  156. > und automatisch verworfen. Bei Rckfragen wenden Sie sich bitte
  157. > unter Beibehaltung der Ticketnummer [CB-Report#...] in der
  158. > Betreffzeile an <certbund@bsi.bund.de>.
  159. >
  160. > !! Bitte lesen Sie zunchst unsere HOWTOs und FAQ, welche unter
  161. > !! <https://reports.cert-bund.de/> verfgbar sind.
  162. >
  163. > ======================================================================
  164. >
  165. > Dear Sir or Madam,
  166. >
  167. > NetBIOS defines a software interface and a naming convention.
  168. > NetBIOS over TCP/IP provides the NetBIOS programming interface
  169. > over the TCP/IP protocol.
  170. >
  171. > Over the past months, systems responding to NetBIOS nameservice
  172. > requests from anywhere on the Internet have been increasingly
  173. > abused for DDoS reflection attacks against third parties.
  174. > The NetBIOS nameservice uses port 137/udp.
  175. >
  176. > Please find below a list of affected systems hosted on your network.
  177. > The timestamp (timezone UTC) indicates when the openly accessible
  178. > NetBIOS nameservice was identified.
  179. >
  180. > We would like to ask you to check this issue and take appropriate
  181. > steps to secure the NetBIOS nameservices services on the affected
  182. > systems or notify your customers accordingly.
  183. >
  184. > If you have recently solved the issue but received this notification
  185. > again, please note the timestamp included below. You should not
  186. > receive any further notifications with timestamps after the issue
  187. > has been solved.
  188. >
  189. > Additional information on this notification, advice on how to fix
  190. > reported issues and answers to frequently asked questions:
  191. > <https://reports.cert-bund.de/en/>
  192. >
  193. > This message is digitally signed using PGP. Information on the
  194. > signature key is available at the aforementioned URL.
  195. >
  196. > Please note:
  197. > This is an automatically generated message. Replies to the
  198. > sender address <reports@reports.cert-bund.de> will NOT be read
  199. > but silently be discarded. In case of questions, please contact
  200. > <certbund@bsi.bund.de> and keep the ticket number [CB-Report#...]
  201. > of this message in the subject line.
  202. >
  203. > !! Please make sure to consult our HOWTOs and FAQ available at
  204. > !! <https://reports.cert-bund.de/en/> first.
  205. >
  206. > ======================================================================
  207. >
  208. > Betroffene Systeme in Ihrem Netzbereich:
  209. > Affected systems on your network:
  210. >
  211. > Format: ASN | IP address | Timestamp (UTC) | Workgroup name | Machine name
  212. > 24940 | 144.76.1.220 | 2017-06-15 01:42:07 | WORKGROUP | WIN-8TFF523AVFN
  213. >
  214. > Mit freundlichen Gren / Kind regards
  215. > Team CERT-Bund
  216. >
  217. > Bundesamt fr Sicherheit in der Informationstechnik (BSI)
  218. > Federal Office for Information Security
  219. > Referat CK22 - CERT-Bund
  220. > Godesberger Allee 185-189, D-53175 Bonn, Germany
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!