
FS#2495 — FS # 6459 - limiting outgoing UDP attack

Attached to Project: Network
Modernization
Whole Network
CLOSED
100%
Sometimes a large number of servers get hacked through the same security fault. Hackers use these resources in order to launch an attack against a target. As our network is an important one, often the target is destroyed.

These attacks are made in 98 cases out of 100 on the UDP layer.

We currently have an attack on which we will examine setting a restriction in order to block it.

We are trying to aggregate the attack to 20 Mbps toward the target IP.

Date:  Tuesday, 13 March 2012, 05:05AM
Reason for closing:  Done
Comment by OVH - Tuesday, 06 March 2012, 07:09AM

We limited it to 10Mbps, 5Mbps and 1Mbps to check if the restrictions are working. And it works. So we have the techno. And Facebook is happy :)
To check if it works, we released traffic to FB through our USA backbone and our San Jose backbone in California. Then we watched the behavior when we changed the settings.

This job is really harsh.


Comment by OVH - Tuesday, 06 March 2012, 07:09AM

Host Loss% Snt Last Avg Best Wrst StDev
1. rbx-s3-6k.fr.eu 0.9% 1024 0.3 8.6 0.3 318.3 34.9
2. rbx-g1-a9.fr.eu 0.0% 1024 0.8 1.1 0.5 4.4 0.7
3. ldn-1-6.uk.eu 5.3% 1024 4.0 60.6 3.9 358.4 72.4
4. nwk-1-6k.nj.us 4.7% 1024 72.6 76.4 72.5 331.0 22.5
5. dal-1-6k.tx.us 2.4% 1024 107.1 112.1 106.9 323.4 26.5
6. snj-1-6k.ca.us 3.3% 1024 140.7 145.6 140.6 344.0 25.1
7. snj-2-6k.ca.us 1.2% 1024 141.4 148.8 141.3 455.7 32.1
8. gblx.as3549.ca.us 0.0% 1024 141.4 140.7 140.6 151.2 0.5
9. e16-1-10G.ar5.SJC2.g 0.0% 1024 150.3 143.5 141.3 163.1 4.0
10. 64.208.158.30 0.0% 1024 145.5 149.2 145.3 265.6 13.5
11. ae0.bb01.sjc1.tfbnw. 0.0% 1024 154.3 154.9 154.1 179.4 3.2
12. ae1.dr02.snc4.tfbnw. 0.0% 1024 153.0 153.6 153.0 185.6 3.3


Comment by OVH - Tuesday, 13 March 2012, 05:05AM

Well, it works. It remains to check how and when to generalize it on the UDP layer, and by how much per IP.
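
The restriction described in this task, aggregating outgoing UDP toward one target IP to 20 Mbps, can be modelled as a token bucket keyed by destination address. This is an added example, not OVH's implementation (the task does not say how the limit is enforced); the token-bucket mechanism, the burst size, the class and function names and the sample addresses are assumptions.

```python
from dataclasses import dataclass

LIMIT_BPS = 20_000_000   # 20 Mbps aggregate per destination IP (figure from the task)
BURST_BYTES = 250_000    # assumed burst allowance, not stated in the task


@dataclass
class Bucket:
    tokens: float   # bytes currently available
    last: float     # time of the last refill, in seconds


class UdpEgressPolicer:
    """Polices outgoing UDP per destination IP, whatever the number of sources."""

    def __init__(self, limit_bps=LIMIT_BPS, burst_bytes=BURST_BYTES):
        self.rate = limit_bps / 8          # refill rate in bytes per second
        self.burst = burst_bytes
        self.buckets = {}                  # dst_ip -> Bucket

    def allow(self, now, proto, dst_ip, size):
        if proto != "udp":                 # only the UDP layer is restricted
            return True
        b = self.buckets.setdefault(dst_ip, Bucket(self.burst, now))
        b.tokens = min(self.burst, b.tokens + (now - b.last) * self.rate)
        b.last = now
        if b.tokens >= size:
            b.tokens -= size
            return True
        return False                       # over the aggregate limit: drop


def simulate(policer, sources, dst_ip, pps_per_source, size, seconds, proto="udp"):
    """Replay `sources` servers sending to dst_ip; return forwarded Mbps."""
    forwarded = 0
    interval = 1.0 / pps_per_source
    for i in range(int(seconds * pps_per_source)):
        now = i * interval
        for _ in range(sources):           # the bucket is shared by all sources
            if policer.allow(now, proto, dst_ip, size):
                forwarded += size
    return forwarded * 8 / seconds / 1e6


if __name__ == "__main__":
    p = UdpEgressPolicer()
    # Constructed traffic: 50 compromised servers, 10 Mbps each, to one target.
    print("flood  ->", round(simulate(p, 50, "203.0.113.10", 1000, 1250, 10), 2), "Mbps")
    # Constructed traffic: one server sending 1 Mbps of UDP elsewhere.
    print("normal ->", round(simulate(p, 1, "198.51.100.7", 100, 1250, 10), 2), "Mbps")
```

Because the bucket is keyed by destination and not by source, 50 servers offering 500 Mbps in total are held to about 20 Mbps toward the target, while UDP to other addresses and non-UDP traffic pass unchanged.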