Important: the measures described below are recognised best practices. Following them does not guarantee that your resources will not be locked if we detect that they are taking part in a DDoS attack.
A Denial of Service (DoS) attack renders a system unusable, or significantly slows it down for legitimate users, by exhausting its resources (bandwidth, connections, CPU or memory).
A Distributed Denial of Service (DDoS) attack is a DoS attack carried out simultaneously from a multitude of compromised or misconfigured systems. The amplification attacks described on this page rely on the latter, which is why a server you operate can end up taking part in one.
The goal of a DoS is not to gain unauthorized access to machines or data but to prevent legitimate users of a service from using it.
You are responsible for your resources. If a resource you control takes part in a DDoS, you are considered responsible for attacking the target of that DDoS.
Scaleway locks any resource (instance, Kubernetes cluster, bare-metal server, …) identified as contributing to a DDoS. The lock can be applied without prior notice to protect our network and the target's network, as set out in our Terms and Conditions (Scaleway, Online).
Memcached is a free and open-source, high-performance, distributed memory object caching system, used as an in-memory key-value store.
Memcached is abused in DDoS attacks because, when its UDP port is reachable, it answers unauthenticated requests with responses tens of thousands of times larger than the query, one of the largest amplification factors known.
Recommendations
To configure your memcached securely, proceed as follows:
Ensure that your /etc/memcached.conf contains both of the following settings:
# Disable UDP listening
-U 0
# Listen only on localhost
-l 127.0.0.1
Restart the service afterwards. If other hosts must reach memcached, bind it to a private interface address instead of 127.0.0.1 and restrict TCP port 11211 with a firewall; keep UDP disabled in all cases (memcached 1.5.6 and later disable it by default).
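As an added example, not part of the original page, the following shell snippet verifies the result on a running host instead of trusting the configuration file. It reads socket listings in the format of `ss -Hlntup` (no header, numeric, with process names) and reports every memcached socket that is still a UDP listener or still reachable beyond loopback. The `ss` lines in SS_SAMPLE are constructed data: addresses and PIDs are made up to show both problems next to one clean socket.

```shell
#!/bin/sh
# Added example, not from the Scaleway page: verify the fix on a running host
# instead of trusting the configuration file. The function reads socket
# listings in the format of `ss -Hlntup` (no header, numeric, with process
# names) and reports every memcached socket that is still a UDP listener or
# still reachable beyond loopback. SS_SAMPLE is constructed data: the
# addresses and PIDs are made up to show both problems plus one clean socket.

SS_SAMPLE='udp   UNCONN 0 0      0.0.0.0:11211   0.0.0.0:* users:(("memcached",pid=1234,fd=27))
tcp   LISTEN 0 1024   0.0.0.0:11211   0.0.0.0:* users:(("memcached",pid=1234,fd=26))
tcp   LISTEN 0 1024 127.0.0.1:11211   0.0.0.0:* users:(("memcached",pid=5678,fd=26))
tcp   LISTEN 0 128    0.0.0.0:22      0.0.0.0:* users:(("sshd",pid=900,fd=3))'

# Reads ss lines on stdin, prints one finding per problematic memcached socket.
# Any UDP socket is a finding: with -U 0 there must be none. A TCP socket is a
# finding unless its local address is loopback (the -l 127.0.0.1 setting).
memcached_exposure() {
    awk '
        /"memcached"/ {
            sock = $5
            addr = sock; sub(/:[0-9]+$/, "", addr)
            if ($1 == "udp")
                print "UDP listener (amplification vector): " sock
            else if (addr != "127.0.0.1" && addr != "[::1]")
                print "TCP listener reachable beyond loopback: " sock
        }'
}

# Number of findings in the sample, for scripted checks.
memcached_finding_count() {
    printf '%s\n' "$SS_SAMPLE" | memcached_exposure | awk 'END { print NR }'
}

printf '%s\n' "$SS_SAMPLE" | memcached_exposure   # two findings (the two 0.0.0.0 sockets)
```

On a real host run `ss -Hlntup | memcached_exposure`; once `-U 0` and `-l 127.0.0.1` are in place it prints nothing. From a machine outside your network, `printf 'stats\r\n' | nc -u -w1 <your-ip> 11211` should likewise return nothing.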
Network Time Protocol (NTP) servers are regularly used to reflect and amplify spoofed UDP packets towards the target of a DDoS attack.
NTP servers on which the monlist command can be run by anyone are particularly troublesome: monlist returns the addresses of up to 600 recent clients, so a single small request yields a response hundreds of times larger.
Recommendations
To configure your NTP server securely, proceed as follows:
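As an added example, not part of the original page, here is a hardened ntp.conf for the ntp.org reference ntpd next to a configuration that leaves monlist open, with a check that tells the two apart. Both configuration texts are constructed for this example and the pool hostnames are placeholders; the check only looks at the two directives that matter for monlist.

```shell
#!/bin/sh
# Added example, not from the Scaleway page: a hardened ntp.conf for the ntp.org
# reference ntpd next to a configuration that leaves monlist open, plus a check
# that tells them apart. Both configuration texts are constructed for this
# example; the pool hostnames are placeholders.

NTP_CONF_WEAK='driftfile /var/lib/ntp/ntp.drift
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
# No restrict lines: every client may send mode 7 queries, so monlist works.'

NTP_CONF_HARDENED='driftfile /var/lib/ntp/ntp.drift
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
# Stop recording the recent-client list that monlist would return.
disable monitor
# Default policy for all clients: time service only. noquery refuses the
# ntpq/ntpdc control queries (monlist included); nomodify/notrap/nopeer
# refuse runtime changes; kod rate-limits abusers with kiss-o-death packets.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# The host itself keeps full access.
restrict 127.0.0.1
restrict -6 ::1'

# Reads an ntp.conf on stdin and prints what is missing. Returns 0 only when
# both defences are present: "disable monitor" and a default restrict line
# carrying noquery (either alone stops monlist; using both is the norm).
ntp_conf_ok() {
    conf=$(cat)
    ok=0
    if ! printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*disable([[:space:]]+[a-z_]+)*[[:space:]]+monitor([[:space:]]|$)'; then
        echo "missing: disable monitor"; ok=1
    fi
    if ! printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*restrict[[:space:]]+(-[46][[:space:]]+)?default([[:space:]].*)?[[:space:]]noquery([[:space:]]|$)'; then
        echo "missing: restrict default ... noquery"; ok=1
    fi
    return $ok
}

# One-word verdict for a configuration text, handy for scripting.
ntp_verdict() {
    if printf '%s\n' "$1" | ntp_conf_ok >/dev/null; then echo ok; else echo vulnerable; fi
}

ntp_verdict "$NTP_CONF_WEAK"       # vulnerable
ntp_verdict "$NTP_CONF_HARDENED"   # ok
```

After restarting ntpd, confirm from a host outside your network that `ntpdc -n -c monlist <your-ip>` times out without returning any entries.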
The Domain Name System (DNS) is commonly used to perform DDoS attacks because it runs over UDP, so the source address of a query is never verified, and because it has no access control by default. DNS amplification attacks almost always take advantage of open resolvers. An open resolver is a DNS server that answers recursive queries for any domain name without restriction: anybody on the Internet can query it and it answers. An attacker only has to send it queries whose source address is spoofed to the victim's; the answers are then reflected onto the victim.
In addition, a DNS reply is usually much larger than the corresponding query, especially for ANY queries or DNSSEC-signed zones, so DNS also provides amplification.
Recommendations
To configure your DNS server securely, proceed as follows:
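As an added example, not part of the original page, here are three BIND 9 named.conf.options fragments (constructed for this example; the addresses are placeholders) and a check that applies BIND's own precedence for deciding who may recurse: allow-recursion, else allow-query-cache, else allow-query, else the built-in default of localnets and localhost. The check assumes one statement per line, which is how these options are normally written; multi-line ACL blocks are out of scope here.

```shell
#!/bin/sh
# Added example, not from the Scaleway page: three BIND 9 named.conf.options
# fragments (constructed; addresses are placeholders) and a check that applies
# the precedence BIND uses to decide who may recurse:
#   allow-recursion, else allow-query-cache, else allow-query,
#   else the built-in default of localnets and localhost.
# Assumes one statement per line; multi-line ACL blocks are not parsed.

# The classic mistake: "allow-query { any; }" is needed to serve hosted zones,
# but with recursion on and nothing narrower, it governs recursion as well.
NAMED_OPEN='options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query { any; };
};'

# Resolver for internal clients: answers for hosted zones stay public,
# recursion is limited to our own networks, and response rate limiting
# caps what even an allowed (or spoofed-as-allowed) client can extract.
NAMED_INTERNAL='options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query { any; };
    allow-recursion { 127.0.0.1; ::1; 10.0.0.0/8; };
    rate-limit { responses-per-second 5; };
};'

# Public authoritative server: no recursion at all.
NAMED_AUTH='options {
    directory "/var/cache/bind";
    recursion no;
    allow-query { any; };
    rate-limit { responses-per-second 5; };
};'

# Reads an options block on stdin, prints one verdict line.
bind_resolver_policy() {
    awk '
        BEGIN { rec = "yes"; prio = 0; acl = ""; src = "the built-in default (localnets; localhost)" }
        /^[ \t]*recursion[ \t]+no[ \t]*;/     { rec = "no" }
        /^[ \t]*allow-recursion[ \t]*[{]/     { if (prio < 3) { prio = 3; acl = $0; src = "allow-recursion" } }
        /^[ \t]*allow-query-cache[ \t]*[{]/   { if (prio < 2) { prio = 2; acl = $0; src = "allow-query-cache" } }
        /^[ \t]*allow-query[ \t]*[{]/         { if (prio < 1) { prio = 1; acl = $0; src = "allow-query" } }
        END {
            if (rec == "no") { print "closed: recursion no (authoritative only)"; exit }
            if (acl ~ /[{; \t]any[ \t]*;/ || acl ~ /0(\.0\.0\.0)?\/0/)
                print "OPEN RESOLVER: recursion yes and " src " allows any"
            else
                print "closed: recursion limited by " src
        }'
}

printf '%s\n' "$NAMED_OPEN" | bind_resolver_policy        # OPEN RESOLVER: recursion yes and allow-query allows any
printf '%s\n' "$NAMED_INTERNAL" | bind_resolver_policy    # closed: recursion limited by allow-recursion
printf '%s\n' "$NAMED_AUTH" | bind_resolver_policy        # closed: recursion no (authoritative only)
```

Once the server is reloaded, a query for a name you do not host, sent from outside the allowed networks (`dig @<your-ip> www.example.com A`), must be refused rather than answered, and the reply should not carry the `ra` flag.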
HTTP(S) proxies are programs that perform an HTTP(S) request on behalf of a client and forward the response to it. An open proxy can be used in a DDoS attack for amplification (a small request makes the proxy fetch a large response, or many responses, from the target) and for reflection: the target sees the proxy's address rather than the attacker's. Unlike the UDP services above, the attacker does not need to spoof its source address here; the proxy hides it.
Recommendations
To configure your HTTP proxy securely, proceed as follows: