Is anyone having issues with internal network DoS? I have re-imaged my entire farm twice and somehow an attacker is getting in. I am not sure if my IP addy was stolen from one of the BTG mining pools or if there are unpatched security vulnerabilities within the 1.3/1.4 beta builds. A couple other miners running the same build are not having this problem. My farm is isolated to a dedicated router and the DoS only happens on the farm. I can run about 10 hours or less and then the attack hits. I have swapped modems, verified firewall configs on the router and the OS. I have wiresharked at the gateway and was not able to capture anything that stood out. Looking at the PacketStorm website I see a continuous flow of Linux vulnerabilities published every day. How often are security patches pushed for the latest Ubuntu build? I know that DDoS was the main reason for the exchanges to go down yesterday, but that attack vector was different.
My test bench rig running the exact same nvOC build on a separate network is not having this issue at all.
My test bench rig running the exact same nvOC build on a separate network is not having this issue at all.
Have you manually applied ubuntu updates?
Have you changed the default password in nvOC?
Is someone running DDoS against your IP or the DDoS is initiated from your rigs against someone else?
I have verified the integrity of the latest nvOC image, changed the default password, enabled UFW and only allowed port 22. ISP has no indications of an external attack or an attack originating from me. I have not applied any Ubuntu updates since the release of 19-1.4 beta. I have a feeling that is the ultimate cause for my issue is that someone is taking advantage of an exploit that I haven't patched yet. I have re-imaged twice now and it keeps occurring. My router firewall logs show "WANATTACK" and IPV4 and IPV6 drops.
