Memcrashed – Major amplification attacks from UDP port 11211
CC BY-SA 2.0 image by David Trawin
Over last couple of days we've seen a big increase in an obscure amplification attack vector - using the memcached protocol, coming from UDP port 11211.
In the past, we have talked a lot about amplification attacks happening on the internet. Our most recent two blog posts on this subject were:
- SSDP amplifications crossing 100Gbps. Funnily enough, since then we were a target of an 196Gbps SSDP attack.
- General statistics about various amplification attacks we see.
The general idea behind all amplification attacks is the same. An IP-spoofing capable attacker sends forged requests to a vulnerable UDP server. The UDP server, not knowing the request is forged, politely prepares the response. The problem happens when thousands of responses are delivered to an unsuspecting target host, overwhelming its resources - most typically the network itself.
Amplification attacks are effective, because often the response packets are much larger than the request packets. A carefully prepared technique allows an attacker with limited IP spoofing capacity (such as 1Gbps) to launch very large attacks (reaching 100s Gbps) "amplifying" the attacker's bandwidth.
Memcrashed
Obscure amplification attacks happen all the time. We often see "chargen" or "call Continue reading
Enea Buys Openwave Mobility for $90M, Boosts NFV Play
Openwave claims seven of the top 20 mobile operators deploy its NFV platform.
McAfee CEO: Make Cybersecurity the New Quality Standard
The company is working with service providers to embed security in their products.
Containers Vs. PaaS: A Tough Choice
What abstraction layer should IT infrastructure teams provide developers? Containers or Platform-as-a-Service solutions like Cloud Foundry? The question is a difficult one to answer, as Keith Townsend, principal at The CTO Advisor and Interop ITX infrastructure chair, explains in this video.
Telia Sees ‘Fast-Fail’ Model as a Financial Risk
The need to support legacy systems adds costs.
Upcoming ipSpace.net Events
In March 2018, we’ll continue the crazy content producing pace you’ve seen in January and February:- We’ll have the first part of NSX, ACI or EVPN webinar on March 1st. This session will cover the basics (don’t expect too many details), a follow-up session on April 24th with Mitja Robas will go into design considerations;
- The EVPN Technical Deep Dive series with Dinesh Dutt starts on March 6th;
- Elisa and Paolo will run the final part of Network Visibility with Flow Data on March 8th;
- Last webinar in March: another installment in the leaf-and-spine saga – Multi-Pod and Multi-Site Fabrics with Lukas Krattiger on March 29th;
Read more ...
CI/CD For Networking Part 4
Jenkins installation.CI/CD For Networking Part 4
Jenkins is and open source project that helps to build, test and deploy code. Jenkins is a very mature project in the CI/CD space and has the ability to perform many automation tasks with the help of plugins. For this part of series Jenkins will be installed on a Centos 7 minimal hosts ...Unit Testing Junos with JSNAPy
I’ve been passionate about the idea of proactively testing network infrastructure for some time. I revived and added to these ideas in my last post. In that post’s video, I lay out three types of network testing in my presentation:
- Config-Centric - Verify my network is configured correctly
- State-Centric - Verify the network has the operational state I expect
- Application-Centric - Verify my applications can use the network in the way I expect
In the same way a software developer might write tests in Python or Go that describe and effect desired behavior, the network engineer now has a growing set of tools they can use to make assertions about what “should be” and constantly be made aware of deviations. One of those tools popped up on my radar this week - jsnapy.
JSNAPy
JSNAPy describes itself as the python version of the Junos snapshot administrator. While this isn’t untrue, I think it’s a huge undersell. In my view, the assertions you can make on the data retrieved via these snapshots is where JSNAPy really shines. So in order to conceptually understand JSNAPy, I’d recommend you think of it as as a generic assertion engine for Junos, and the snapshots Continue reading
Unit Testing Junos with JSNAPy
I’ve been passionate about the idea of proactively testing network infrastructure for some time. I revived and added to these ideas in my last post. In that post’s video, I lay out three types of network testing in my presentation: Config-Centric - Verify my network is configured correctly State-Centric - Verify the network has the operational state I expect Application-Centric - Verify my applications can use the network in the way I expect In the same way a software developer might write tests in Python or Go that describe and effect desired behavior, the network engineer now has a growing set of tools they can use to make assertions about what “should be” and constantly be made aware of deviations.Unit Testing Junos with JSNAPy
I’ve been passionate about the idea of proactively testing network infrastructure for some time. I revived and added to these ideas in my last post. In that post’s video, I lay out three types of network testing in my presentation: Config-Centric - Verify my network is configured correctly State-Centric - Verify the network has the operational state I expect Application-Centric - Verify my applications can use the network in the way I expect In the same way a software developer might write tests in Python or Go that describe and effect desired behavior, the network engineer now has a growing set of tools they can use to make assertions about what “should be” and constantly be made aware of deviations.GTT Buys Europe’s Interoute for $2.3 Billion
The acquisition expands GTT's software-defined networking services.