I received an email today from my VPS host stating that they received the security alert below from the German Federal Office for Information Security (BSI). Any idea what’s the cause of this or how to resolve it?
Dear Sir or Madam,
open DNS resolvers are abused for conducting DDoS reflection/
amplification attacks against third parties on a daily basis.
Affected systems on your network:
Format: ASN | IP | Timestamp (UTC)
24940 | My VPS’s IP Address | 2019-11-26 03:11:51
We would like to ask you to check if the open resolvers identified
on your network are intentionally configured as such and appropriate
countermeasures preventing their abuse for DDoS attacks have been
Additional information on this notification, advice on how to fix
reported issues and answers to frequently asked questions: https://reports.cert-bund.de/en/
Not sure and probably won’t know for a fact. What I did was I contacted my DNS provider and shared the email from CERT. They ran a few tests and replied to me that what they’re doing is fully in line with CERT’s requirements (https://www.bsi.bund.de/EN/Topics/IT-Crisis-Management/CERT-Bund/C), and they shared the results and asked for more details from CERT on the issue in order to comply. I contacted CERT with the details from the DNS provider, and CERT whitelisted my VPS’s IP address.