Memcashed DDoS Amplification Exploit Emerging

By   ISBuzz Team
Writer , Information Security Buzz | Mar 02, 2018 10:15 am PST

In response the discovery by researchers that DDoS attackers are using the free utility memcached protocol and servers that support the Internet protocol UDP to magnify attacks, a ‘reflection’ technique that sharply expands attack impacts, Ashley Stephenson, CEO at Corero Network Security commented below.

Ashley Stephenson, CEO at Corero Network Security:

“Time to add “memcached” to the list of useful Internet services that can be turned upon themselves to attack rather than serve.

“This free utility has provided more than a decade of useful service helping websites, blogs and databases run faster but is now being leveraged by malicious actors to launch supercharged DDoS attacks. Like several recent DDoS amplification vectors such as the CLDAP exploit first reported by Corero in 2017, memcached is vulnerable to UDP exploits due to an unnecessarily permissive wide-open default access policy allowing it to serve all requestors without prejudice.

“However, Corero has already seen operators begin to secure their memcached services rendering them useless to attackers.* Overall memcached is expected to top the DDoS charts for a relatively short period of time. Ironically, as we have seen before, the more attackers who try to leverage this vector the weaker the resulting DDoS attacks as the total bandwidth of vulnerable servers is fixed and is shared across the victims. If a single attack could reach 200G, then with only 10 bad actors worldwide trying to use this vector at the same time they may only get 20G each. If there are hundreds of potential bad actors jumping on the memcached bandwagon, this once mighty resource could end up delivering just a trickle of an attack to each intended victim.”

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x