Misuse / misconfiguration of public facing memcached administrated by our customers can be used to generate outgoing ddos attacks.
We are contacting every affected customers to help them fix their configuration.
In the meantime, until our customers fix their configuration, we have deployed countermeasures using our antiddos solutions (VAC). These countermeasures have been designed to limit the possible side effects.
To help our customers to fix their Memcache's configuration, we put online a guide:
EN: https://docs.ovh.com/gb/en/dedicated/securing-server-with-memcached-service/Update(s): Date: 2018-03-02 09:10:16 UTC
We also adjusted our mitigation for incoming memcache DDoS on the 27th, and successfully mitigated a 1.3 Tbps attack yesterday (2018-03-01 01:00 UTC).Date: 2018-03-02 09:09:31 UTC
After detecting abnormal outgoing traffic on our backbone, we quickly improved our mitigation system (VAC) to block incoming amplification queries, in 4 steps :
- 2018-02-27 10:00 UTC : Manual mitigation of the biggest part of the traffic
- 2018-02-28 16:00 UTC : Manual mitigation of some more traffic
- 2018-03-01 14:00 UTC : Custom profile to automatically be able to start the mitigation
- 2018-03-01 22:00 UTC : Fix last corner cases
In the meantine, we started contacting our customers to help them fix their configuration.