In response the discovery by researchers that DDoS attackers are using the free utility memcached protocol and servers that support the Internet protocol UDP to magnify attacks, a ‘reflection’ technique that sharply expands attack impacts, Ashley Stephenson, CEO at Corero Network Security commented below.
Ashley Stephenson, CEO at Corero Network Security:
“Time to add “memcached” to the list of useful Internet services that can be turned upon themselves to attack rather than serve.
“This free utility has provided more than a decade of useful service helping websites, blogs and databases run faster but is now being leveraged by malicious actors to launch supercharged DDoS attacks. Like several recent DDoS amplification vectors such as the CLDAP exploit first reported by Corero in 2017, memcached is vulnerable to UDP exploits due to an unnecessarily permissive wide-open default access policy allowing it to serve all requestors without prejudice.
“However, Corero has already seen operators begin to secure their memcached services rendering them useless to attackers.* Overall memcached is expected to top the DDoS charts for a relatively short period of time. Ironically, as we have seen before, the more attackers who try to leverage this vector the weaker the resulting DDoS attacks as the total bandwidth of vulnerable servers is fixed and is shared across the victims. If a single attack could reach 200G, then with only 10 bad actors worldwide trying to use this vector at the same time they may only get 20G each. If there are hundreds of potential bad actors jumping on the memcached bandwagon, this once mighty resource could end up delivering just a trickle of an attack to each intended victim.”