OVHcloud Network Status

Current status
Legend
  • Operational
  • Degraded performance
  • Partial Outage
  • Major Outage
  • Under maintenance
FS # 6459 - limiting outgoing UDP attack
Scheduled Maintenance Report for Network & Infrastructure
Completed
Sometimes a large number of servers get hacked by the same security fault. Hackers use these resources in order to launch an attack into a target. As our network is an important one, often the target is destroyed.

These attacks are made in 98 cases out of 100 on the UDP layer.

We have currently an attack on which we will examine setting a restriction in order to block it.

We are trying to aggregate the attack to 20Mbps into the IP target.


Update(s):

Date: 2012-03-13 04:05:02 UTC
Well, it works, it remains to check how and when to generalize it on the UDP layer and by how much by IP.


Date: 2012-03-06 06:09:33 UTC
Host Loss% Snt Last Avg Best Wrst StDev
1. rbx-s3-6k.fr.eu 0.9% 1024 0.3 8.6 0.3 318.3 34.9
2. rbx-g1-a9.fr.eu 0.0% 1024 0.8 1.1 0.5 4.4 0.7
3. ldn-1-6.uk.eu 5.3% 1024 4.0 60.6 3.9 358.4 72.4
4. nwk-1-6k.nj.us 4.7% 1024 72.6 76.4 72.5 331.0 22.5
5. dal-1-6k.tx.us 2.4% 1024 107.1 112.1 106.9 323.4 26.5
6. snj-1-6k.ca.us 3.3% 1024 140.7 145.6 140.6 344.0 25.1
7. snj-2-6k.ca.us 1.2% 1024 141.4 148.8 141.3 455.7 32.1
8. gblx.as3549.ca.us 0.0% 1024 141.4 140.7 140.6 151.2 0.5
9. e16-1-10G.ar5.SJC2.g 0.0% 1024 150.3 143.5 141.3 163.1 4.0
10. 64.208.158.30 0.0% 1024 145.5 149.2 145.3 265.6 13.5
11. ae0.bb01.sjc1.tfbnw. 0.0% 1024 154.3 154.9 154.1 179.4 3.2
12. ae1.dr02.snc4.tfbnw. 0.0% 1024 153.0 153.6 153.0 185.6 3.3

Date: 2012-03-06 06:09:30 UTC
We limited it to 10Mbps, 5Mbps and 1Mbps to check if the restrictions are working. And it works. So we have the techno. And Facebook is happy :)
To check if it works we released traffic to FB by our USA backbone and our backbone San Jose in California-. Then we watched the behavior when we changed the settings.

This job is really harsh.
Posted Mar 06, 2012 - 06:03 UTC