Two Memcached DDoS attack PoCs released

Source: Internet
Author: User


A few days after the world's largest DDoS attack reached 1.7 Tbps, two proof-of-concept (PoC) exploits for Memcached amplification attacks were published.

The vulnerability behind Memcached DDoS attacks is one of the hottest topics.

The previous record for the world's largest DDoS attack stood for only a few days. Earlier this month, an American service provider suffered a 1.7 Tbps memcached DDoS attack.

Now someone has released two PoC exploits. Both use Memcached for DDoS amplification, and anyone can use them to launch memcached DDoS attacks.

One PoC is written in Python. It uses the Shodan search engine API to obtain a list of vulnerable Memcached servers and then conducts memcached DDoS attacks.

The second exploit is written in C and uses a list of vulnerable Memcached servers. The author also published a memecache-amp-03-05-2018-rd.list file, which is a list of vulnerable memcached servers as.

Dangerous amplification attacks

The first memcached DDoS attack was detected in, when the code hosting website GitHub was hit by the largest DDoS attack ever, reaching the peak of Tbps.

Memcached is a free and open-source, high-performance distributed memory cache system designed to speed up dynamic web applications by reducing database load.

The client communicates with the memcached server through TCP or UDP on port 11211.

To abuse a memcached server, attackers send requests to it on port 11211 with the source address forged as the victim's IP address, so the server sends its response to the victim. In a memcached DDoS attack, the requests sent to the server are only several bytes, while the response may be tens of thousands of times larger, which is what makes this an amplification attack.

Cloudflare experts called the attack Memcrashed, and researchers said the amplification technique may give attackers an amplification factor of 51.2 thousand.

Cloudflare recommends disabling UDP support and keeping memcached servers disconnected from the internet unless exposure is necessary.

"Developers should stop using UDP. No. Do not enable it by default. If you do not know what an amplification attack is, do not enter 'SOCK_DGRAM' in the editor."

This new type of attack is undoubtedly good news for hackers. Someone has already begun to use amplification attacks to extort money from companies.
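Cloudflare's two recommendations above (turn off UDP, keep memcached off the internet) can be checked against a server's startup options. The Python audit below is an added example, not code from the article or from either PoC. It assumes memcached's `-p`, `-U` and `-l` options with their long forms, that UDP is off by default from version 1.5.6 onward, and a constructed Debian-style sample config.

```python
import ipaddress
import shlex

UDP_OFF_SINCE = (1, 5, 6)  # assumption: memcached 1.5.6 made "UDP off" the default
ALIASES = {"--port": "-p", "--udp-port": "-U", "--listen": "-l"}
WANTED = ("-p", "-U", "-l")
SAMPLE_CONF = "-m 64\n-p 11211\n-u memcache\n# -l 127.0.0.1\n"  # constructed sample

def parse_options(text):
    """Extract -p, -U and -l from memcached.conf-style lines or a command line."""
    tokens = [t for line in text.splitlines() for t in shlex.split(line, comments=True)]
    opts, it = {}, iter(tokens)
    for tok in it:
        name, eq, val = tok.partition("=")
        name = ALIASES.get(name, name)
        if name in WANTED:
            val = val if eq else next(it, "")  # "--udp-port=0" or "-U 0"
        elif tok[:2] in WANTED:
            name, val = tok[:2], tok[2:]       # attached form, "-U0"
        else:
            continue
        opts[name] = f"{opts[name]},{val}" if name == "-l" and name in opts else val
    return opts

def listen_scope(listen):
    """Return 'loopback', 'private' or 'public' for the widest -l address."""
    scope = "loopback"
    # No -l at all means INADDR_ANY, i.e. every interface
    for host in (h.strip() for h in (listen or "0.0.0.0").split(",")):
        try:
            ip = ipaddress.ip_address("127.0.0.1" if host == "localhost" else host)
        except ValueError:
            return "public"  # hostname or host:port form: unverifiable, assume exposed
        if ip.is_unspecified or not (ip.is_private or ip.is_loopback):
            return "public"
        if not ip.is_loopback:
            scope = "private"
    return scope

def audit(text, version):
    """Findings against the two recommendations; an empty list means pass."""
    opts, findings = parse_options(text), []
    udp = opts.get("-U")
    if udp is None and version < UDP_OFF_SINCE:
        findings.append("UDP enabled by default before 1.5.6: add -U 0")
    elif udp not in (None, "0"):
        findings.append(f"UDP listener on port {udp}: set -U 0")
    if listen_scope(opts.get("-l")) == "public":
        findings.append("listens on all interfaces or a public address: narrow -l or firewall the port")
    return findings
```

`audit(SAMPLE_CONF, (1, 4, 25))` reports both problems; the same config on 1.5.6 or later still fails the exposure check because its `-l` line is commented out.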

* Reference Source: SecurityAffairs

Permanent link to this article: https://www.bkjia.com/Linux/2018-03/151285.htm
