• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

DDoS amplifications through memcached

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 5,994
Best answers: 10
Messages: 26,759

#1
Using databases/memcached is a popular method to speed up high performance websites. But apparently not everybody protects it properly and allows it to be accessible from the internet. New research discovered these open services are abused in a similar fashion to DNS and NTP amplification attacks. The memcached problem is a little bigger though, it's possible to amplify data a whopping 51000 times. DDoS creators of course love this and are massively abusing it.

If you use memcached(1) make sure it's not reachable from the internet!

https://arstechnica.com/information...ses-use-new-way-to-achieve-unthinkable-sizes/
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 5,994
Best answers: 10
Messages: 26,759

#3
Yeah, it's quite likely recent large DDoS attacks were actually "helped" along by this issue. I mean, if you can amplify 15 bytes into 51000 bytes it's easy to see how the attacks got so large so quickly.
 
Top