Logo

DOSarrest Vulnerability Testing and Optimization
Navigation
  • Home

Kill switch halts memcached DDoS attacks

on March 9, 2018 |
DDoS DDoS Attack Specialist DDoS Attacks DDoS Defense DDoS Protection Specialist

Researchers have identified a technique that can halt a memcached amplification attack.

DDoS protection firm Corero reported victims could send a “flush_all” command back to the attacking servers to stop the 1Tbps+ DDoS attacks that have targeted the likes of GitHub and others in recent weeks.

This suppresses the flood of traffic by invalidating a vulnerable memcached server’s cache, the firm said.

Memcached servers in their default configuration expose port 11211. Attackers are targeting such servers with UDP support enabled to spoof the ‘get’ request message with a victim’s IP address and amplify DDoS attacks by up to 50,000 times.

Corero said its kill switch “appeared to be 100 percent effective” in testing on attacking servers.

“Ironically, the Memcached utility was intended to cache frequently-used web pages and data to boost legitimate performance. But this utility has now been weaponised to exploit its performance boosting potential for illegitimate purposes,” Corero CEO Ashley Stephenson said.

Memcached developers released an update (version 1.5.6) in the wake of the high-profile attacks that disables the UDP protocol by default.

The tools used to launch the attacks were publicly posted to GitHub this week. The two proofs-of-concept come with a list of 17,000 vulnerable memcached servers.

However the high-profile nature of the GitHub and other attacks seem to be spurring memcached users into action; according to Rapid7 the number of memcached servers with port 11211 open dropped from 18,000 on March 1 to less than 12,000 on March 5.

Source: https://www.itnews.com.au/news/kill-switch-halts-memcached-ddos-attacks-486680

Share this story:
  • tweet

Recent Posts

  • Bad actors launched an unprecedented wave of DDoS attacks in 2020

    January 26, 2021 - 0 Comment
  • As coronavirus cases surge, so do cyberattacks against the healthcare sector

    January 11, 2021 - 0 Comment
  • DDoS Attacks Remain a Serious Threat to Businesses Worldwide

    December 17, 2020 - 0 Comment
Comments are closed.
DOSarrest ad

Keep updated with the latest DDoS Attacks

RSSSubscribe
  • Home
  • Latest News
  • Contact
  • Sitemap
© Copyright 2013. All Rights Reserved. Web Development by: 6folds Marketing