This week one of our development servers was part of a DDOS attack. It caught me off guard as we had just installed it on a VPS the day before. Our traffic graphs showed us our VPS was sending out ~ 300MB/s according to Proxmox. Of course, we rate limited the port and did some digging. Came to find out that it was our memcached server, which was part of an amplification attack, that was causing the problem. We had disabled the firewall since this server was not connected to any trunks and was just for us to test a webpage we built, so no harm to us. (Sorry to whoever we were DDOSING, but lesson learned.)
Here is a link to more information.
https://www.techrepublic.com/articl...s-to-overload-networks-with-260-gbps-traffic/
and a simple Google search brings up a lot more HERE.
So how can you fix it? Simple: block UDP port 11211 from external sources and don't leave servers running with their firewalls off.
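
An added example, not part of the original post: a shell check that reads `ss -H -lun` output and reports any listener on UDP port 11211 bound to a non-loopback address, which is the exposure the post describes. The function names and the sample lines are constructed for illustration, and the `iptables` rule in the comments is one way to apply the block, not the poster's own configuration.

```shell
#!/bin/sh
# Added example: find UDP listeners on the memcached port (11211) that are
# reachable from outside the host, i.e. bound to anything but loopback.

# Reads `ss -H -lun` style lines on stdin and prints each exposed
# local address:port, one per line. Prints nothing when the host is clean.
exposed_memcached_udp() {
    awk '
        {
            # With -H (no header) the local address:port is column 4.
            la = $4
            n = split(la, parts, ":")
            port = parts[n]
            if (port != "11211") next
            addr = substr(la, 1, length(la) - length(port) - 1)
            # Loopback binds cannot be reached from external sources.
            if (addr ~ /^127\./ || addr == "[::1]") next
            print la
        }
    '
}

# Constructed sample of `ss -H -lun` output (not captured from a real host).
SAMPLE='UNCONN 0 0 0.0.0.0:11211 0.0.0.0:*
UNCONN 0 0 127.0.0.1:11211 0.0.0.0:*
UNCONN 0 0 [::]:11211 [::]:*
UNCONN 0 0 0.0.0.0:68 0.0.0.0:*'

# Runs the check over the constructed sample above.
audit_sample() {
    printf '%s\n' "$SAMPLE" | exposed_memcached_udp
}

# On a live host:
#   ss -H -lun | exposed_memcached_udp
# If anything is printed, block the port from external sources, for example:
#   iptables -A INPUT -p udp --dport 11211 ! -i lo -j DROP
# and keep the host firewall enabled.
```
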
