GitHub recently experienced the largest attack we've seen to date. At the peak, they received 1.35 Tbps via 126.9 million packets per second. We don't know who launched the attack but we know how they did it. The attackers used an amplification attack using
An amplification attack allows the attacker to send only a small request but still generate a large attack
We won't cover how to respond to an amplification attack in this post. Instead, I will outline steps to secure your
Memcached is used to speed up your application. Response time can go down if your Rails application can get data from
Use a firewall
Memcached needs to be accessible from your other servers but there's no reason to expose it to the internet. At Engine Yard, we use an AWS security group to prevent access to all ports by default (except for a few). Memcached uses port 11211, which is only exposed to the servers belonging to the same Engine Yard environment. In short, only your other production servers have access to your production
This alone would prevent your server from being used in an attack. A better reason to do this is to protect your data. Memcached out of the box doesn't use authentication, so anyone who can connect to your server will be able to read your data.
While this is enough to secure your
Listen on a private interface
If you're running one server for your Rails application and 127.0.0.1
For production setups where you have multiple Rails servers that need to connect to 192.168.0.1
172.16.0.1
10.0.0.1
When you start --listen 127.0.0.1
--listen 192.168.0.1
Disable UDP
The amplification attack on GitHub used UDP. I, like many people, was surprised that
To disable UDP, -U 0
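To check a host against the two settings above, the following added example (not code from the original post or from Engine Yard) audits a memcached command line for a loopback or private `--listen` address and for `-U 0`. The function names and sample command lines are constructed for illustration, and it assumes that a missing listen option means memcached binds to every interface and that UDP should always be turned off explicitly.

```python
import ipaddress
import shlex

# Option names as they appear on the memcached command line.
LISTEN_OPTS = ("-l", "--listen")
UDP_OPTS = ("-U", "--udp-port")

def parse_options(cmdline):
    """Collect listen/UDP values from '-l X', '--listen X' or '--listen=X'."""
    opts = {}
    tokens = shlex.split(cmdline)
    i = 0
    while i < len(tokens):
        name, sep, value = tokens[i].partition("=")
        if name in LISTEN_OPTS + UDP_OPTS:
            if not sep and i + 1 < len(tokens):
                i += 1
                value = tokens[i]  # value given as the next token
            opts["listen" if name in LISTEN_OPTS else "udp"] = value
        i += 1
    return opts

def audit(cmdline):
    """Return a list of findings; an empty list means both checks passed."""
    opts = parse_options(cmdline)
    findings = []
    if "listen" not in opts:
        # Assumption: without a listen option memcached binds every interface.
        findings.append("no listen address: binds to every interface")
    else:
        for addr in opts["listen"].split(","):
            try:
                ip = ipaddress.ip_address(addr.strip())
            except ValueError:
                findings.append(f"listen {addr}: not an IP literal, check by hand")
                continue
            # 0.0.0.0 counts as "private" in ipaddress, so test it separately.
            if ip.is_unspecified or not (ip.is_loopback or ip.is_private):
                findings.append(f"listen {addr}: not loopback or private")
    if opts.get("udp") != "0":
        findings.append("UDP not explicitly disabled with -U 0")
    return findings

# Constructed sample command lines, not taken from a real host.
SAMPLES = [
    "memcached -m 64 -p 11211 --listen 127.0.0.1 -U 0",
    "memcached -m 64 -p 11211 --listen 192.168.0.1",
    "memcached -m 64 -p 11211 -l 0.0.0.0 -U 11211",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit(sample) or "ok")
```

Feed it the arguments of the running process (for example from `ps -o args= -C memcached`) rather than only the config file, so you audit what is actually in effect.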
Summary
That's it. Follow these simple rules and your data will be safe and your
Resources
GitHub DDOS Incident Report
Cloudflare blog on