
This article was published by Tencent Game Cloud in the Cloud + Community column.

Background: Memcached attacks set new DDoS traffic records

The number of DDoS attacks abusing Memcached servers is on the rise. DDoS attack traffic crossed the 1 Tbps mark for the first time, drawing a strong response from the industry. Tencent Game Cloud's review of the whole event is as follows:

On Tuesday, February 27, Cloudflare and Arbor Networks warned that malicious actors were abusing the Memcached protocol to launch distributed denial of service (DDoS) amplification attacks; many servers around the world, including those of Arbor Networks, were affected. The following figure shows the Memcached attack situation.

Just one day later, 1.35 Tbps of attack traffic set a new DDoS record.

GitHub revealed on Wednesday afternoon (Eastern time) that it may have been the victim of the most powerful DDoS attack ever. Experts say the attackers used Memcached reflection to amplify the attack, and that the same technique could produce even larger distributed denial of service (DDoS) attacks in the future. The first traffic peak against GitHub hit 1.35 Tbps and was followed by another of 400 Gbps, making it possibly the strongest DDoS attack ever recorded, above the previous record of 1.1 Tbps.

According to CNCERT on March 3, a Memcached reflection attack with a peak traffic of 1.94 Tbps was detected around 2:30 am Beijing time on March 1.

Tencent Cloud captured several Memcached reflective DDoS attacks

As of March 6, Tencent Cloud had captured several reflective DDoS attacks using Memcached. The main targets include games, portal sites and other businesses.

Tencent Cloud monitoring data shows that the Memcached reflection attacks launched by criminal groups against Tencent Cloud customers entered an active period on February 21 and peaked on March 1. The number of attacks then decreased significantly, and a second peak appeared on March 5. The attack situation is as follows:

The following is a sample of Memcached reflected DDoS attacks captured by Tencent Cloud:

Tencent Cloud captured 22,511 Memcached reflection sources. The distribution of Memcached reflection sources is as follows:

Under Tencent Cloud's Aegis security system, Tencent Cloud services were not affected by the Memcached reflected DDoS attacks.

So, what is a Memcached reflection attack?

In general, depending on the protocol and the type of attack, DDoS attacks are classified into SYN Flood attacks, ACK Flood attacks, UDP Flood attacks, NTP Flood attacks, SSDP Flood attacks, DNS Flood attacks, HTTP Flood attacks, ICMP Flood attacks, and CC attacks.

The history of DDoS attacks can be traced back to the 1990s, and the reflection DDoS attack is one of the more ingenious variants. The attacker does not target the victim's service IP directly; instead, it sends request packets whose source address is forged to be the victim's IP to servers that expose certain services, and those servers reply with several times the request's data volume to the forged IP (that is, the victim's service IP). In this way the attacker achieves a large effect with very little effort. Memcached reflection attacks are favored by attackers because their amplification factor reaches tens of thousands of times.

In a Memcached reflection attack, the attacker uses the victim's IP address as the source address to send a large number of requests to Memcached services exposed on the Internet. Memcached responds to those requests, and the large number of response packets converge on the forged source IP address, forming a reflective distributed denial of service attack.

Why is it such a threat?

According to members of Tencent Cloud's Aegis security team, the amplification factor of the DDoS threats faced in the past, such as NTP and SSDP reflection attacks, is generally between 30 and 50 times, while the amplification factor of Memcached is in the tens of thousands, usually close to 50,000 times, and further amplification cannot be ruled out. By taking advantage of this, an attacker can launch a high-traffic DDoS attack with very little bandwidth of its own.
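The signature that makes this traffic recognizable at the victim's edge is the one the paragraphs above describe: many distinct Memcached servers, all answering over UDP from port 11211, converging on one destination address with large responses. The script below is an added example for detecting that pattern in flow records; it is not code from the Tencent Cloud article. The simplified flow-record format, the sample records and the alert thresholds are constructed assumptions for the example.

```python
"""Flag suspected Memcached reflection traffic in flow records.

Added example, not code from the Tencent Cloud article: the flow-record
format and the sample records below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Memcached's default port. Reflected responses arrive at the victim over
# UDP with this as their *source* port, which is the signature used here.
MEMCACHED_PORT = 11211

# Constructed flow records (NetFlow-like, simplified):
# proto src_ip src_port dst_ip dst_port packets bytes
SAMPLE_FLOWS = """\
# three reflectors all answering to the same (spoofed) victim address
UDP 203.0.113.10 11211 198.51.100.5 53001 7 9800
UDP 203.0.113.11 11211 198.51.100.5 53001 9 12600
UDP 203.0.113.12 11211 198.51.100.5 53001 4 5600
# ordinary traffic that must not be flagged
TCP 192.0.2.7 443 198.51.100.5 40022 30 41000
UDP 192.0.2.8 53 198.51.100.5 40555 1 512
# a single internal cache reply: one reflector, below the thresholds
UDP 10.0.0.9 11211 10.0.0.20 41000 2 300
"""


@dataclass
class Flow:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    packets: int
    bytes: int


def parse_flows(text):
    """Parse the simplified flow format above, skipping blanks and comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        proto, sip, sport, dip, dport, pkts, byts = line.split()
        flows.append(Flow(proto, sip, int(sport), dip, int(dport), int(pkts), int(byts)))
    return flows


def detect_memcached_reflection(flows, min_reflectors=3, min_bytes=10_000):
    """Group UDP flows sourced from port 11211 by destination and alert when
    several distinct reflectors converge on one address with enough volume.

    Returns {victim_ip: {"reflectors": [...], "bytes": n, "avg_bytes_per_packet": x}}.
    The thresholds are assumptions for the example; tune them to the link size.
    """
    per_dst = defaultdict(lambda: {"reflectors": set(), "packets": 0, "bytes": 0})
    for f in flows:
        if f.proto != "UDP" or f.src_port != MEMCACHED_PORT:
            continue
        d = per_dst[f.dst_ip]
        d["reflectors"].add(f.src_ip)
        d["packets"] += f.packets
        d["bytes"] += f.bytes

    alerts = {}
    for victim, d in per_dst.items():
        if len(d["reflectors"]) >= min_reflectors and d["bytes"] >= min_bytes:
            alerts[victim] = {
                "reflectors": sorted(d["reflectors"]),
                "bytes": d["bytes"],
                "avg_bytes_per_packet": d["bytes"] / d["packets"],
            }
    return alerts


if __name__ == "__main__":
    for victim, info in detect_memcached_reflection(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{victim}: {len(info['reflectors'])} reflectors, "
              f"{info['bytes']} bytes, {info['avg_bytes_per_packet']:.0f} B/pkt")
```

On an Internet-facing edge there is normally no legitimate reason to receive UDP datagrams sourced from port 11211, since cache traffic belongs on internal networks, so even a low threshold produces few false positives; the single internal reply in the sample is kept below the thresholds to show that the check is about convergence of many reflectors, not about the port alone.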

Security must be built before the storm

As early as when the Memcached reflection DDoS method was first tried against Tencent's own business, Tencent Cloud was aware of the risk and had deployed countermeasures in advance, so this round of Memcached reflection-based DDoS attacks launched by hackers was successfully defended against.

At the same time, after capturing the Memcached attacks, Tencent Cloud assists business customers with self-examination and provides monitoring and remediation suggestions to ensure that users' servers are not used to launch DDoS attacks.
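The self-examination mentioned above comes down to two start-up settings on each Memcached instance: whether the UDP listener is on, and which interface the daemon binds to. The following added example (not the article's or Tencent Cloud's own tooling) audits a Debian-style memcached.conf for both. The config texts are constructed; `-U` (UDP port) and `-l` (listen address) are real memcached options, and the note that memcached before 1.5.6 enabled UDP by default reflects the change made in that release.

```python
"""Audit a memcached start-up configuration for reflection-abuse exposure.

Added example, not code from the Tencent Cloud article: it checks the two
settings that decide whether a Memcached instance can be used as a UDP
reflector (UDP listener on/off, and which interface it binds to). The
config texts are constructed; -U and -l are real memcached options.
"""
import shlex

ALL_INTERFACES = {"0.0.0.0", "::"}

# Constructed configs in the Debian /etc/memcached.conf style
# (one option per line, '#' comments).
EXPOSED_CONF = """\
-m 64
-p 11211
-l 0.0.0.0        # listens on every interface
# no -U line: releases before 1.5.6 then enable UDP on 11211 by default
"""

HARDENED_CONF = """\
-m 64
-p 11211
-l 127.0.0.1      # reachable only from the host itself
-U 0              # UDP listener disabled
"""


def parse_memcached_conf(text):
    """Tokenize the config into an argv-style list, dropping comments."""
    args = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            args.extend(shlex.split(line))
    return args


def audit_memcached_options(args):
    """Return a list of (severity, message) findings for the given options."""
    udp_port = None   # None means -U was not set at all
    listen_addrs = []
    i = 0
    while i < len(args):
        opt = args[i]
        if opt == "-U" and i + 1 < len(args):
            udp_port = int(args[i + 1])
            i += 2
        elif opt == "-l" and i + 1 < len(args):
            # newer memcached accepts a comma-separated list of addresses
            listen_addrs.extend(a.strip() for a in args[i + 1].split(","))
            i += 2
        else:
            i += 1

    findings = []
    if udp_port is None:
        findings.append(("high", "UDP not explicitly disabled; add '-U 0' "
                         "(memcached before 1.5.6 enables UDP on 11211 by default)"))
    elif udp_port != 0:
        findings.append(("high", f"UDP listener enabled on port {udp_port}; "
                         "set '-U 0' unless UDP clients are genuinely required"))

    if not listen_addrs or any(a in ALL_INTERFACES for a in listen_addrs):
        findings.append(("medium", "bound to all interfaces; bind with '-l' to a "
                         "loopback or private address and firewall port 11211"))
    return findings


if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_memcached_options(parse_memcached_conf(conf)) or "OK")
```

Disabling UDP removes the instance as a reflector outright; binding to a private address and filtering port 11211 at the perimeter is the second layer for deployments that still need UDP internally.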

Security suggestions for dealing with high-traffic DDoS attacks

DDoS attacks are becoming more and more serious, and attack traffic records are constantly being broken. In the face of massive traffic attacks at or beyond the Tbps level, Tencent Cloud's Aegis security product team suggests that users do the following:

1. Pay more attention to reflective UDP attacks and improve risk awareness

Reflective UDP attacks account for about half of all DDoS attacks. According to Tencent Cloud's 2017 DDoS Attack Situation report for the game industry, reflective UDP attacks accounted for 55% of DDoS attacks in 2017, so this type of attack deserves more attention.

The Memcached reflection attack is a relatively new type of UDP reflection attack and brings huge security risks. Therefore, the industry needs to pay close attention to Internet security trends, improve risk awareness, take countermeasures, and conduct the necessary drills when a threat breaks out in the industry.

2. To cope with the threat of high-traffic attacks, you are advised to connect to Tencent Cloud's high-capacity anti-DDoS products

To address the escalating risk of DDoS attacks, you are advised to configure Tencent Cloud's high-capacity defense products and hide the origin server IP address. Use the bandwidth resources of high-defense anti-DDoS IP addresses to absorb possible large-volume attacks, and customize defense policies based on service characteristics to ensure service availability and handle DDoS attacks calmly. In the face of high-level DDoS threats, upgrade defense configurations promptly, and request expert services from DDoS defense vendors if necessary.

Learn about Tencent Cloud's new generation of anti-DDoS products: cloud.tencent.com/product/aeg…

3. Industries vulnerable to high-traffic attacks need to strengthen prevention

Businesses that have frequently been targeted in the past, such as portals, finance and gaming, need to strengthen their defenses, and businesses with weak DDoS protection capabilities, such as government services, need to be vigilant against massive traffic attacks.

Risks keep appearing; once the wind of a new attack wave starts to blow, a single spark can set the prairie ablaze for anyone without protection.

Reference links:

blog.cloudflare.com/memcrashed-…

mp.weixin.qq.com/s/b0TXg_7Q9…
