OVH Community, your new community space.

URGENT AND IMPORTANT DNS resolver and DNS AMP Part 1


Trapper
21-06-2013, 00:22
Yes!

Everything went back to normal soon thereafter, but I have noticed one-time since it happened again.

OVH - I guess this is something that happens when you do some form of update. Care to comment?

~Trap

UK1
12-06-2013, 23:08
haha did this really happen

cartwright118
05-06-2013, 08:29
Quote Originally Posted by Trapper
OK, so I made a joke...

It's a Monty Python thing - Us Brits are odd like that.

Someone on OVH must have spotted it, and thought they would get their own back. My "Manager" is now in French:

... Very funny: Now can you please change it back...

~Trap
Now that's funnier than the initial joke - love Monty Python

Trapper
05-06-2013, 00:40
...and for those who do not get Monty Python Reference:

http://youtu.be/FWBUl7oT9sA

..without this, we would not have Boris Johnson...

~Trap

Trapper
05-06-2013, 00:28
OK, so I made a joke...

It's a Monty Python thing - Us Brits are odd like that.

Someone on OVH must have spotted it, and thought they would get their own back. My "Manager" is now in French:



... Very funny: Now can you please change it back...

~Trap

Trapper
04-06-2013, 18:01
Quote Originally Posted by Kacotet
w00t, more foreign thread spam.
As only Monty Python could say (in a thick French accent):

"...fart in your general direction..."

NatdaS
04-06-2013, 18:00
Quote Originally Posted by Trapper
Is this the same as the other day:

http://forum.ovh.co.uk/showthread.php?t=6634

but in French again..?
Correct. Here it is again for anyone that missed it...

Dear Customer,

Out of almost 160,000 physical servers and more than 40,000 VMs managed on our network, some have incorrect DNS configurations, which allow hackers to use the DNS server to launch attacks (DDoS attacks, type DNS AMP) directed at their targets from our network.

When we detect this kind of attack, we quarantine any IPs that are under attack and we look at all the source IPs participating in the attacks. (In a few weeks the traffic will be purged in order to make it safe again). This enables us to locate and close down a server very easily, with evidence, then to inform the customer that they have caused a security incident.

For one week, we have been working on DNS amplification attacks generated by our customers due to incorrect BIND configuration. An email has already been sent out to the first 500 customers requested to correct this problem and we are preparing an email for the remaining 3000 customers.

At the same time, we are controlling the ongoing attacks, several per day, because the BIND is still not fixed, because the customer does not have time or thinks that it isn't serious.

Since 1pm, we have therefore quarantined the 3200 IPs participating in an attack. The quarantine goes through our VAC1 mitigation infrastructure in RBX and we filter all external DNS requests which aim to launch the attack. Other requests are not filtered and are allowed to pass.

At the same time, we are sending emails out to emails customers so that the problem gets fixed within 24hrs. From tomorrow, we will begin to suspend servers on the grounds of security risks.

Is my DNS server protected?
Test your IP here: http://ovh.to/6bc7evq

How to secure the DNS?
Follow instructions in the DNS configuration guide here: http://ovh.to/CTG8bvX

Can OVH perform this action?
Yes, this will cost £20 and a ticket must be opened here: http://ovh.to/jkTsuat

Regards,

Octave

Kacotet
04-06-2013, 17:51
w00t, more foreign thread spam.

Trapper
04-06-2013, 17:39
Is this the same as the other day:

http://forum.ovh.co.uk/showthread.php?t=6634

but in French again..?

oles@ovh.net
04-06-2013, 17:30
Dear Customer,

Out of almost 160,000 physical servers and more than 40,000 VMs managed on our network, some have incorrect DNS configurations, which allow hackers to use the DNS server to launch attacks (DDoS attacks, type DNS AMP) directed at their targets from our network.

When we detect this kind of attack, we quarantine any IPs that are under attack and we look at all the source IPs participating in the attacks. (In a few weeks the traffic will be purged in order to make it safe again). This enables us to locate and close down a server very easily, with evidence, then to inform the customer that they have caused a security incident.

For one week, we have been working on DNS amplification attacks generated by our customers due to incorrect BIND configuration. An email has already been sent out to the first 500 customers requested to correct this problem and we are preparing an email for the remaining 3000 customers.

At the same time, we are controlling the ongoing attacks, several per day, because the BIND is still not fixed, because the customer does not have time or thinks that it isn't serious.

Since 1pm, we have therefore quarantined the 3200 IPs participating in an attack. The quarantine goes through our VAC1 mitigation infrastructure in RBX and we filter all external DNS requests which aim to launch the attack. Other requests are not filtered and are allowed to pass.

At the same time, we are sending emails out to emails customers so that the problem gets fixed within 24hrs. From tomorrow, we will begin to suspend servers on the grounds of security risks.

Is my DNS server protected?
Test your IP here: http://ovh.to/6bc7evq

How to secure the DNS?
Follow instructions in the DNS configuration guide here: http://ovh.to/CTG8bvX

Can OVH perform this action?
Yes, this will cost £20 and a ticket must be opened here: http://ovh.to/jkTsuat

Regards,

Octave