2 weeks ago

Memcached DDoS Exploit Code and List of 17,000 Vulnerable Servers Released


Two separate proof-of-concept (PoC) exploits for the Memcached amplification attack have been released online, which could allow even script kiddies to easily launch massive DDoS attacks using UDP reflection.

The first DDoS tool is written in the C programming language and works with a pre-compiled list of vulnerable Memcached servers.

Bonus: its description already includes a list of nearly 17,000 potentially vulnerable Memcached servers left exposed on the Internet.

The second Memcached DDoS attack tool is written in Python. It uses the Shodan search engine API to obtain a fresh list of vulnerable Memcached servers and then sends UDP packets with a spoofed source address to each server.

Last week we saw two record-breaking DDoS attacks, a 1.35 Tbps attack that hit GitHub and a 1.7 Tbps attack against an unnamed US-based company, both carried out using a technique called amplification/reflection.

For those unaware, a Memcached-based amplification/reflection attack amplifies the bandwidth of a DDoS attack by a factor of 51,000 by exploiting thousands of misconfigured Memcached servers left exposed on the Internet.

Memcached is a popular open source distributed memory caching system. It came into the news earlier last week when researchers detailed how hackers could abuse it to launch an amplification/reflection DDoS attack by sending a forged request to the targeted Memcached server on port 11211 using a spoofed IP address that matches the victim's IP.

A request of a few bytes sent to a vulnerable Memcached server can trigger a response tens of thousands of times larger, directed at the targeted IP address, resulting in a powerful DDoS attack.


For a detailed explanation of how the Memcached amplification attack works, you can head over to our previous article.

Since last week, when Memcached was revealed as a new amplification/reflection attack vector, some hacking groups have begun exploiting unsecured Memcached servers.

But now the situation will get worse with the release of PoC exploit code, which allows anyone to launch massive DDoS attacks, and it will not come under control until the last vulnerable Memcached server is patched, firewalled on port 11211, or taken offline completely.

Moreover, cybercriminal groups have already begun weaponizing this new DDoS technique to threaten big websites and extort money.

Following last week’s DDoS attack on GitHub, Akamai reported its customers received extortion messages delivered alongside the typically “junk-filled” attack payloads, asking them for 50 XMR (Monero coins), valued at over $15,000.

Reflection/amplification attacks are not new. Attackers have previously used this DDoS attack technique to exploit flaws in DNS, NTP, SNMP, SSDP, Chargen and other protocols in order to maximize the scale of their cyber attacks.

To mitigate the attack and prevent Memcached servers from being abused as reflectors, the best option is to bind Memcached to a local interface only, or to disable UDP support entirely if it is not in use.
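
A defender-side check for the two mitigations named above (loopback-only binding and UDP disabled), added here as an example and not taken from the original article: it reads memcached option lines such as those in a Debian-style `/etc/memcached.conf` and reports the exposure. The function names, the sample configs, and the choice to treat a missing `-U` as "UDP enabled" are assumptions made for this example.

```python
import argparse
import ipaddress
import shlex

def parse_options(conf_text):
    """Extract memcached's -l/--listen and -U/--udp-port from option lines."""
    p = argparse.ArgumentParser(add_help=False, allow_abbrev=False)
    p.add_argument("-l", "--listen", action="append", default=[])
    p.add_argument("-U", "--udp-port", default=None)
    argv = [t for line in conf_text.splitlines()
            for t in shlex.split(line, comments=True)]  # drops '# ...' comments
    opts, _other = p.parse_known_args(argv)              # ignore -m, -p, -u, ...
    return opts

def is_loopback(addr):
    try:
        return addr == "localhost" or ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False          # unknown hostname or host:port: treat as exposed

def audit(conf_text):
    """Return a finding string, or None when both mitigations are in place."""
    opts = parse_options(conf_text)
    # Assumption: no -U means UDP is on (conservative; default varies by build).
    udp_on = opts.udp_port != "0"
    addrs = [a for item in opts.listen for a in item.split(",") if a]
    exposed = [a for a in addrs if not is_loopback(a)]
    if not addrs:
        exposed = ["all interfaces (no -l set)"]
    if udp_on and exposed:
        return "HIGH: UDP answers on " + ", ".join(exposed)
    if udp_on:
        return "LOW: UDP enabled on loopback only; set -U 0 if unused"
    if exposed:
        return "INFO: UDP off, TCP still bound to " + ", ".join(exposed)
    return None

# Constructed sample configs (not from the article).
EXPOSED = "-m 64\n-p 11211\n-u memcache\n# -l 127.0.0.1\n"
HARDENED = "-m 64\n-p 11211\n-l 127.0.0.1\n--udp-port=0\n"

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, "->", audit(conf) or "OK")
```

An `INFO` result still calls for the firewall rule on port 11211 that the article mentions, since the cache remains reachable over TCP.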
