DDOs postgresql или что это происходит?

Question

[mashincode]

В моем докере лежит postgres, стандартный пользователь отключен, порт остался стандартным, время от времени она падает. По логам вижу сначала тоны таких сообщений

2020-02-14 17:26:38.505 UTC [62] FATAL:  password authentication failed for user "postgres"
2020-02-14 17:26:38.505 UTC [62] DETAIL:  Password does not match for user "postgres".
        Connection matched pg_hba.conf line 95: "host all all all md5"

А затем происходит это, причем все в дб остается нетронутым, у меня предположение, что скрипт гуляет по сети и попытками входа ддудосит мою базу, но может, что-то другое? Я собираюсь поменять порт, но как еще можно от этого защититься и что это вообще такое?

2020-10-16 12:03:33.965 UTC [599] FATAL:  no PostgreSQL user name specified in startup packet
2020-10-16 23:02:43.635 UTC [1916] FATAL:  password authentication failed for user "postgres"
2020-10-16 23:02:43.635 UTC [1916] DETAIL:  Role "postgres" does not exist.
	Connection matched pg_hba.conf line 99: "host all all all md5"
2020-10-16 23:10:51.361 UTC [1933] LOG:  invalid length of startup packet
2020-10-17 06:53:09.429 UTC [2857] FATAL:  unsupported frontend protocol 65363.19778: server supports 2.0 to 3.0
2020-10-17 07:50:38.203 UTC [2973] FATAL:  unsupported frontend protocol 0.0: server supports 2.0 to 3.0
2020-10-17 07:50:38.241 UTC [2974] FATAL:  unsupported frontend protocol 255.255: server supports 2.0 to 3.0
2020-10-17 07:50:38.281 UTC [2975] FATAL:  no PostgreSQL user name specified in startup packet
2020-10-17 09:02:51.192 UTC [3120] FATAL:  password authentication failed for user "root"
2020-10-17 09:02:51.192 UTC [3120] DETAIL:  Role "root" does not exist.
	Connection matched pg_hba.conf line 99: "host all all all md5"
2020-10-17 22:23:05.786 UTC [4723] FATAL:  unsupported frontend protocol 0.0: server supports 2.0 to 3.0
2020-10-17 22:23:05.825 UTC [4724] FATAL:  unsupported frontend protocol 255.255: server supports 2.0 to 3.0
2020-10-17 22:23:05.869 UTC [4725] FATAL:  no PostgreSQL user name specified in startup packet
2020-10-18 06:06:44.284 UTC [1] LOG:  received fast shutdown request
2020-10-18 06:06:44.297 UTC [1] LOG:  aborting any active transactions
2020-10-18 06:06:44.339 UTC [1] LOG:  background worker "logical replication launcher" (PID 30) exited with exit code 1
11:08
[2020-10-17 15:12:29 +0000] [1] [CRITICAL] WORKER TIMEOUT (pid:10)
[2020-10-17 15:12:29 +0000] [10] [INFO] Worker exiting (pid: 10)
[2020-10-17 15:12:29 +0000] [18] [INFO] Booting worker with pid: 18
[2020-10-18 06:06:44 +0000] [1] [INFO] Handling signal: term
[2020-10-18 06:06:44 +0000] [8] [INFO] Worker exiting (pid: 8)
[2020-10-18 06:06:44 +0000] [9] [INFO] Worker exiting (pid: 9)
[2020-10-18 06:06:44 +0000] [11] [INFO] Worker exiting (pid: 11)
[2020-10-18 06:06:44 +0000] [18] [INFO] Worker exiting (pid: 18)
[2020-10-18 06:06:45 +0000] [1] [INFO] Shutting down: Master

Answer 1

[Melkij]

База в принципе не должна быть доступна на внешнем интерфейсе. DoS на авторизацию устраивается элементарным спамом запросов на подключение, не нужно даже distributed.