
FS#15321 — memcached amplified ddos

Attached to Project— Anti-DDoS
Modernization
In progress
0%
Misuse or misconfiguration of public-facing memcached instances administered by our customers can be used to generate outgoing DDoS attacks.
We are contacting every affected customer to help them fix their configuration.
In the meantime, until our customers fix their configuration, we have deployed countermeasures using our anti-DDoS solution (VAC). These countermeasures have been designed to limit the possible side effects.

To help our customers fix their memcached configuration, we have published a guide:
FR: https://docs.ovh.com/fr/dedicated/securiser-serveur-avec-service-memcache/
EN: https://docs.ovh.com/gb/en/dedicated/securing-server-with-memcached-service/
Comment by OVH - Friday, 02 March 2018, 10:09AM

After detecting abnormal outgoing traffic on our backbone, we quickly improved our mitigation system (VAC) to block incoming amplification queries, in 4 steps:
- 2018-02-27 10:00 UTC: Manual mitigation of the biggest part of the traffic
- 2018-02-28 16:00 UTC: Manual mitigation of some more traffic
- 2018-03-01 14:00 UTC: Custom profile to automatically be able to start the mitigation
- 2018-03-01 22:00 UTC: Fix last corner cases

In the meantime, we started contacting our customers to help them fix their configuration.


Comment by OVH - Friday, 02 March 2018, 10:10AM

We also adjusted our mitigation for incoming memcache DDoS on the 27th, and successfully mitigated a 1.3 Tbps attack yesterday (2018-03-01 01:00 UTC).