DDOS атака через Antminer

[Rockminer 49]

Добрый день, уважаемая публика. Мне бы хотелось сообщить об проблеме, с которой я столкнулся на днях. Мне написали админы моего датацентра и сообщили о повышении трафика, проходящего через мои майнеры. У майнеров статические адреса не закрытые фаерволом. Наверное, делать так настройки не стоило, поэтому если подскажете, как решить этот вопрос корректно, буду признателен.

 

Админы посоветовали добавить следующие строчки в файл /etc/ntp.conf

restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

 

Я это сделал и перезапустил /etc/ntp.conf с помощью команды ~# /etc/init.d/ntpd restart

И это даже помогло. Но работало это решение до момента ребута асика. Файл /etc/ntp.conf после ребута изменился в исходное старое состояние.

 

Я написал в поддержку битмейна подробное письмо. Если у вас есть какие-то идеи как исправить проблему, пожалуйста, напишите.

 

Цитата

Hello dear Bitmain's Support!
Thank you for your excellent work, I always feel happy when we together fix all my troubles :)

I would like to write you about dangerous threat. It is opportunity of hacker's DDOS  attack using my Antminers (D3, L3+, A3, S9) to another ip adresses. I had a call with security of my Data center where I have my working Antminers. Security said me that they see DDOS activities using my Antminers, They see a lot of high traffic activity that using substitution of reverse ip-address via ntp.

They recomended me to add additional strings into
/etc/ntp.conf

restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

[email protected]:~# cat /etc/ntp.conf
# This is the most basic ntp configuration file
# The driftfile must remain in a place specific to this
# machine - it records the machine specific clock error
driftfile /etc/ntp.drift
# This obtains a random server which will be close
# (in IP terms) to the machine.  Add other servers
# as required, or change this.
server pool.ntp.org
# Using local hardware clock as fallback
# Disable this when using ntpd -q -g -x as ntpdate or it will sync to itself
server 127.127.1.0
fudge 127.127.1.0 stratum 14
# Defining a default security setting
restrict default
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

And reboot ntp service

[email protected]:~# /etc/init.d/ntpd restart
Stopping ntpd: stopped process in pidfile '/var/run/ntp.pid' (pid 325)
done
Starting ntpd: done
[email protected]:~#

If to do all right that it can resolve this trouble with ip.

Good example with ip adress can be like this:

~$ ntpdc -c monlist 112.15.10.1
112.15.10.1: timed out, nothing received

===========
I fixed ntp.conf correctly and asked the security: "Right now all is ok?" They answered: "Yeah, all is good! Traffic was blocked" But after I rebooted Antminer and, oh my god, the congif file "/etc/ntp.conf" was changed into old version.

[email protected]:~# cat /etc/ntp.conf
# This is the most basic ntp configuration file
# The driftfile must remain in a place specific to this
# machine - it records the machine specific clock error
driftfile /etc/ntp.drift
# This obtains a random server which will be close
# (in IP terms) to the machine.  Add other servers
# as required, or change this.
server pool.ntp.org
# Using local hardware clock as fallback
# Disable this when using ntpd -q -g -x as ntpdate or it will sync to itself
server 127.127.1.0
fudge 127.127.1.0 stratum 14
# Defining a default security setting
restrict default

=======

I ask you help me to resolve this troubles with miners. Please send the request to your security administrators. If you need some additional information from my datacenter's security admins please feel free and ask me, I could immidiatelly send you all info about my asics.