Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Memcached DDoS Attacks Slow Down as Patching Ramps Up

    By
    Sean Michael Kerner
    -
    March 9, 2018
    Share
    Facebook
    Twitter
    Linkedin
      DDoS Amplification 2

      Days after the largest distributed denial-of-service attack in internet history, the attack size of memcached DDoS attacks is now on the decline.

      On March 5, Netscout Arbor Networks reported a 1.7-Tbps DDoS attack that was driven by the amplification of misconfigured memcached servers. While there were some initial fears that the attacks would continue to grow in size, the opposite has happened.

      “We’re still seeing lots of them, but their average size is considerably smaller due to ongoing cleanup and mitigation efforts,” Steinthor Bjarnason, senior network security analyst at Netscout Arbor, told eWEEK.

      Memcached is a widely deployed open-source tool for distributed memory object caching. Attackers are taking aim at servers that have been left open and exposed to the internet, sending UDP traffic that is then reflected to a target victim. The first attacks using the memcached DDoS reflection tactic were reported at the end of February, with attacks ranging from 190 Gbps to 500 Gbps. Attack bandwidth escalated rapidly, and on March 1, GitHub was hit by a 1.35-Tbps memcached DDoS attack, with the 1.7-Tbps attack following days later, on March 5.

      Arbor Networks isn’t the only one seeing a reduction in the average size of memcached DDoS attacks. 

      “They [memcached DDoS attacks] have reduced to the point where they are small compared to other DDoS vectors,” John Graham-Cumming, CTO of CloudFlare, told eWEEK. 

      Although memcached DDoS bandwidth attack volume has declined, other DDoS attack amplification vectors continue to persist. Graham-Cumming noted that Simple Service Discovery Protocol (SSDP)-based attacks continue occur frequently and with fairly large volumes of 200 Gbps or more every day.

      Memcached Kill Switch

      There are several reasons why memcached DDoS attacks have declined in recent days. Security firm Corero suggested that there is a “kill switch” for the attack, though both Graham-Cumming and Bjarnason disputed the legitimacy of that option.

      “The so-called ‘kill switch’ consists of sending a ‘flush_all’ command to the memcached servers, instructing them to empty their cache,” Bjarnason said. “This is a well-known instruction and has been part of the memcached protocol since its inception in 2003.”

      Bjarnason added, however, that issuing the “flush-all” command will incur the risk of negatively impacting the operation of the solution of which the memcached server is part, potentially resulting in serious operational issues. He noted that the memcached systems are also a victim of the DDoS attack as they are being abused by the attacker to participate in the DDoS attack and are in almost no cases owned or controlled by the attacker.

      “There is no need to risk going with the so-called kill switch option when modern DDoS solutions are perfectly capable of defending against memcached DDoS reflection attacks, as shown by the successful mitigation of the recent 1.7-Tbps attacks,” Bjarnason said.

      Graham-Cumming was also skeptical about the kill-switch option, and it was not deployed at CloudFlare either.

      “The ‘kill switch’ was immediately obvious to everyone who worked on mitigating this DDoS attack,” Graham-Cumming said. “We chose not to use or test this method because it would be unethical and likely illegal since it alters the state of a remote machine without authorization.” 

      Patching

      A number of things have been happening outside the use the kill-switch option to help mitigate the volume of memcached attacks. Perhaps the most impactful thing is that memcached server administrators have updated their systems and configurations.

      The open-source memcached project itself has an update that eliminates the attack vector. The Memcached 1.5.6 update disables the UDP protocol, which is what DDoS attackers are using to amplify attacks.

      “The volume of memcached attacks will gradually decrease as access to vulnerable servers continues to be shut down,” Bjarnason said. “There will, however, always be someone deploying new vulnerable servers and services on the internet, so these kinds of attacks will be part of the internet for the foreseeable future.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Avatar
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×