TPS-2018-002 UDP-Based Amplification Attacks (TA14-017A)

Overview

This notice is to advise Joyent customers of TA14-017A, a potential security vulnerability surrounding misconfigured applications/services that utilize User Datagram Protocol (UDP).

Description

A misconfigured application/service that utilizes UDP can cause a Triton instance to be vulnerable to Distributed Denial of Service (DDoS) attacks, causing the Triton instance to attack others.

Further details surrounding this vulnerability (including a list of applications/services that may be vulnerable) can be found in this alert from US-CERT.

Actions Taken by Joyent

If Joyent Support receives a notice that a customer’s instance has been compromised, we will temporarily stop the affected instance and notify the customer that they need to take action and confirm immediate mitigation.

Actions You Need to Take

If you are running one of the applications/services listed here, check its configuration and apply any updates recommended by the third-party application/service provider.

Support

If you are a Joyent customer and have any further questions or concerns after reading the information provided above, please contact Joyent Support.

As noted above, if you are an Open Source Triton user, please direct any further questions to the SmartOS Community Mailing Lists and IRC.