SourceHut 被 DDoS 後的報告

SourceHut 在 DDoS 後發表了報告:「SourceHut network outage post-mortem」。

這次的攻擊在 L3 層,直接塞爆 upstream bandwidth:

At around 06:00 UTC on January 10th, a layer 3 distributed denial-of-service (DDoS) attack began to target SourceHut’s PHL infrastructure.

上游 Cogent 選擇 null route 掉:

In response to the attack, Cogent announced null routes for our downstream AS, causing our PHL network to become unreachable both for SourceHut staff and the general public.

中間有試著問 Cloudflare 以及其他的方案,但依照他們的說法,費用上無法承受:

We initially researched a number of solutions, and spoke to Cloudflare in particular due to their ability to provide a rapid response to ongoing incidents. However, given our complex requirements, Cloudflare quoted us a figure which was not attainable within our financial means as a small company. Other options we researched (though we did not seek additional quotes) had similar economical constraints.

後來的解法是在 OVH 放 proxy server (搭配 OVH 的 DDoS 保護服務),然後導到沒有公開的 subnet:

However, we found that OVH’s anti-DDoS protections were likely suitable: they are effective, and their cost is amortized across all OVH users, and therefore of marginal cost to us. To this end the network solution we deployed involved setting up an OVH box to NAT traffic through OVH’s DDoS-resistant network and direct it to our (secret) production subnet in AMS; this met our needs for end-to-end encryption as well as service over arbitrary TCP protocols.

GitHub 在還沒被 Microsoft 併購前 (2018 年) 也有被打的記錄,2015 年的時候 Google 有放一些資料,當年有寫一篇記錄下來:「Google 對 GitHub 先前遭受 GFW 的 DDoS 攻擊的分析」,不過當年這波是 L7 的。

另外 2016 年的時候 GitHub 也有整理一篇關於 TCP SYN flood 的阻擋方式,這個看起來比較接近這次的攻擊:「GitHub 對抗 TCP SYN Flood 的方式:synsanity」。

去年 OVH 機房大火的部份情形最近被揭露

去年三月在「OVH 法國機房 SBG2 火災全毀」這邊有提到 OVH 的機房大火事件,最近有些情況總算被揭露出來了。

Hacker News 上看到「OVHcloud fire report: SBG2 data center had wooden ceilings, no extinguisher, and no power cut-out」這篇這個月月初的報導,裡面題到了一些情形。另外對應的討論在「OVHcloud fire: SBG2 data center had no extinguisher, no power cut-out (datacenterdynamics.com)」這邊可以看到。

其中一個是在講消防隊花了三個小時才把電力切斷,因為電力室外面有非常強力的電弧:

According to the report firefighters on the scene found electrical arcs more than one meter long flashing around the door to the power room, and it took three hours to cut off the power supply because there was no universal cut-off.

另外電力室本身的設計也不利於防火 (木造天花板?),而且電力管道也沒有隔離:

The power room had a wooden ceiling designed to withstand fire for one hour, and the electrical ducts were not insulated.

另外因為節能的設計,他們設計了多個通道讓外部的空氣容易進入 data center 交換熱量,但這也導致了火苗很不容易熄滅:

Once the fire escaped from the power room, it grew rapidly. The report says that "the two interior courtyards acted as fire chimneys". JDN claims the spread of fire may have been accelerated by the site's free cooling design, which is designed to encourage the flow of outside air through the building to cool the servers.

OVH 目前因為訴訟的關係,基本上都是拒絕評論...

OVH 法國機房 SBG2 火災全毀

OVH 算是國際上很大的 Hosting 公司,昨天在法國史特拉斯堡 (Strasbourg) 的 SBG2 機房發生火災,這邊的 Octave Klaba 是 OVH 的創辦人與老闆,另外在 Hacker News 上的「Fire declared in OVH SBG2 datacentre building (ovh.net)」這邊也有討論可以看:

可以在 Threadreader 上面讀整個 thread,Octave Klaba 有一直有在 Twitter 上 update 進度與後續的計畫:「https://threadreaderapp.com/thread/1369478732247932929.html」。

新聞媒體也有一些當時的空拍圖放出來了:

出自「Strasbourg: important incendie chez OVHcloud, de nombreux sites internet indisponibles partout dans le monde」。

另外更重要的是伺服器裡面資料的部份,其中 SBG2 全毀,SBG1 毀了四間 (SBG1 總共 12 間),這些資料看起來都沒辦法救了。而 SBG3 與 SBG4 的機器還在,但目前沒有電力。

接下來的會花時間重建 SBG{1,3,4} 的電力系統與重建對外連線,看起來 20KV 的線路與 240V 的線路都有受損需要重弄。

然後也已經有廠商丟災情出來了,線上遊戲的 Rust 一開始說他們受到影響:

但更慘的是官方後續更新,直接說資料無法恢復,聽起來像是沒有備份資料,或是備份資料也在同一個機房內:

除了重建外,現在應該是等後續看起火原因,理論上機房的消防設備應該要能擋下全毀... 等原因出來後,來看看是不是會改變整個機房產業的消防設計架構。