OVH Community, your new community space.


04-06-13, 22:35
Oles/OVH ontdekt wat DNS amplified aanvallen zijn en ontdekt ook nog dat 3200 van de eigen servers daarvoor ingezet worden.

Nouja beter laat dan nooit zullen we maar zeggen.

Kort samengevat, iedereen die géen DNS server wenst te draaien, deinstalleer het pakket "bind". Als je niet weet wat DNS server is dan heb je het al helemaal niet nodig. Onbegrijpelijk dat het überhaupt standaard meegeïnstalleerd wordt.
04-06-13, 17:30
Dear Customer,

Out of almost 160,000 physical servers and more than 40,000 VMs managed on our network, some have incorrect DNS configurations, which allow hackers to use the DNS server to launch attacks (DDoS attacks, type DNS AMP) directed at their targets from our network.

When we detect this kind of attack, we quarantine any IPs that are under attack and we look at all the source IPs participating in the attacks. (In a few weeks the traffic will be purged in order to make it safe again). This enables us to locate and close down a server very easily, with evidence, then to inform the customer that they have caused a security incident.

For one week, we have been working on DNS amplification attacks generated by our customers due to incorrect BIND configuration. An email has already been sent out to the first 500 customers requested to correct this problem and we are preparing an email for the remaining 3000 customers.

At the same time, we are controlling the ongoing attacks, several per day, because the BIND is still not fixed, because the customer does not have time or thinks that it isn't serious.

Since 1pm, we have therefore quarantined the 3200 IPs participating in an attack. The quarantine goes through our VAC1 mitigation infrastructure in RBX and we filter all external DNS requests which aim to launch the attack. Other requests are not filtered and are allowed to pass.

At the same time, we are sending emails out to emails customers so that the problem gets fixed within 24hrs. From tomorrow, we will begin to suspend servers on the grounds of security risks.

Is my DNS server protected?
Test your IP here:

How to secure the DNS?
Follow instructions in the DNS configuration guide here:

Can OVH perform this action?
Yes, this will cost €20 and a ticket must be opened here: