A friend gave me an interesting task: extract IP TTL values from TCP connections established by a userspace program. This seemingly simple task quickly exploded into an epic Linux system programming hack.
A week ago we published a story about new amplification attacks using memcached protocol on UDP port 11211. A few things happened since then: Github announced it was a target of 1.3Tbps memcached attack. OVH and Arbor reported similar large attacks with the peak reported at 1.7Tbps.
Over last couple of days we've seen a big increase in an obscure amplification attack vector - using the memcached protocol, coming from UDP port 11211. In the past, we have talked a lot about amplification attacks happening on the internet.
우리 Cloudflare는 실제 인터넷상의 서버 운영 경험이 많지만 이런 흑마술 수련도 게을리하지 않습니다. 이 블로그에서는 인터넷 프로토콜의 여러 어두운 부분을 다룬 적이 있지만, 이번에는 리눅스의 SYN패킷 처리에 대해서 자세히 알아 보도록 하겠습니다.
Here at Cloudflare, we have a lot of experience of operating servers on the wild Internet. But we are always improving our mastery of this black art. On this very blog we have touched on multiple dark corners of the Internet protocols: like understanding FIN-WAIT-2 or receive buffer tuning.