{"id":4730,"date":"2018-04-03T12:59:49","date_gmt":"2018-04-03T12:59:49","guid":{"rendered":"https:\/\/www.reveantivirus.com\/blog\/?p=4730"},"modified":"2019-08-19T10:34:02","modified_gmt":"2019-08-19T10:34:02","slug":"memcached-ddos-attack","status":"publish","type":"post","link":"https:\/\/www.reveantivirus.com\/blog\/en\/memcached-ddos-attack","title":{"rendered":"What is a Memcached DDoS Attack?"},"content":{"rendered":"<p><img loading=\"lazy\" class=\"alignnone size-full wp-image-4825\" src=\"https:\/\/www.reveantivirus.com\/blog\/wp-content\/uploads\/2018\/04\/shutterstock_515175310-min-1.jpg\" alt=\"DDOS Attack\" width=\"800\" height=\"300\" srcset=\"https:\/\/www.reveantivirus.com\/blog\/wp-content\/uploads\/2018\/04\/shutterstock_515175310-min-1.jpg 800w, https:\/\/www.reveantivirus.com\/blog\/wp-content\/uploads\/2018\/04\/shutterstock_515175310-min-1-300x113.jpg 300w, https:\/\/www.reveantivirus.com\/blog\/wp-content\/uploads\/2018\/04\/shutterstock_515175310-min-1-768x288.jpg 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p>A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by crushing it with traffic from multiple sources. DDoS Attacks target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information. DDoS is already famous for the attacks on KrebsOnSecurity and DYN in 2016. This time attackers have found a new way of magnifying their attacks through Memcached Server.<\/p>\n<p>In few days, a number of popular websites became victims of the DDoS attack. For example, GitHub suffered a DDoS attack, and the peak flow rate reached 1.35Tbps, according to\u00a0<a href=\"https:\/\/blogs.akamai.com\/2018\/03\/memcached-fueled-13-tbps-attacks.html\">Akamai<\/a>\u00a0and\u00a0<a href=\"https:\/\/blogs.akamai.com\/2018\/03\/memcached-fueled-13-tbps-attacks.html\">GitHub<\/a> which is the highest DDoS attack till now.<\/p>\n<h2><strong>What is Memcached<\/strong><\/h2>\n<p>The Memcache is free and open source database-caching used to speed up the network and websites by improving the response of memory cache. This was not meant to be exposed to the internet and did not have sufficient security and hence anyone can query and get a response.<\/p>\n<h2><strong>Attack Analysis<\/strong><\/h2>\n<ul>\n<li>The DDoS technique utilized as a part of this record-breaking assault mishandled common service called \u201cMemcached\u201d to amplify the power of their DDoS attacks. Memcached is intended to reserve information and facilitate the strain on heavier information stores, similar to circle or databases. It is normally found in cloud server situations and it is intended to be utilized on frameworks that are not specifically presented to the Internet.<\/li>\n<\/ul>\n<ul>\n<li>Memcached imparts utilizing the User Datagram Protocol (UDP), which permits correspondences with no confirmation- anybody or anything can converse with it and demand information from it. Because Memcached doesn\u2019t support authentication, the attackers are sending forged UDP protocol packets to UDP-enabled Memcached servers that are open on the internet, which in response send many more UDP packets to the target. This results in a huge amount of malicious traffic directed at the victim\u2019s site.<\/li>\n<li>The attacker fakes his IP address into the target address and sends a request to the Memcached reflector to read the information that Memcached stored in the key-value.\u00a0Memcached responds to the forged source IP upon receipt of the request, creating a reflection. When a large number of Memcached are utilized simultaneously and reply with the same forged source IP, a heavy traffic DDoS attack against this forged source IP (victim) is formed.<\/li>\n<\/ul>\n<h2><strong><img loading=\"lazy\" class=\"aligncenter size-full wp-image-4841\" src=\"https:\/\/www.reveantivirus.com\/blog\/wp-content\/uploads\/2018\/04\/ddos-e1523440381524.jpg\" alt=\"ddos\" width=\"763\" height=\"833\" \/>Preventive Measures<\/strong><\/h2>\n<ul>\n<li style=\"text-align: justify;\">Memcached servers should be updated to version 1.5.6, released by Memcached developer\u2019s which <a href=\"https:\/\/github.com\/memcached\/memcached\/wiki\/ReleaseNotes156\">disables the UDP protocol by default<\/a>.<\/li>\n<li style=\"text-align: justify;\">Ensure your network providers have implemented anti-spoofing so that spoofed packets used in attacks do not make it to your network.<\/li>\n<li style=\"text-align: justify;\">Proper filtering of data or usage of a binary protocol can be an effective countermeasure against these type of attacks.<\/li>\n<li style=\"text-align: justify;\">Ensure your networks have good traffic monitoring.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by crushing it with traffic from multiple sources. DDoS Attacks target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and [&hellip;]<\/p>\n","protected":false},"author":15,"featured_media":4824,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[94,203,93,317,476],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v18.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"Learn how Memcached DDoS attacks are executed by attackers and some useful preventive measures to avoid becoming a target.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.reveantivirus.com\/blog\/en\/memcached-ddos-attack\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What is a Memcached DDoS Attack?\" \/>\n<meta property=\"og:description\" content=\"Learn how Memcached DDoS attacks are executed by attackers and some useful preventive measures to avoid becoming a target.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.reveantivirus.com\/blog\/en\/memcached-ddos-attack\" \/>\n<meta property=\"og:site_name\" content=\"REVE Antivirus\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/REVE-Antivirus-733117470104716\" \/>\n<meta property=\"article:published_time\" content=\"2018-04-03T12:59:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-08-19T10:34:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.reveantivirus.com\/blog\/wp-content\/uploads\/2018\/04\/shutterstock_515175310-min.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary\" \/>\n<meta name=\"twitter:creator\" content=\"@REVEAntivirus\" \/>\n<meta name=\"twitter:site\" content=\"@REVEAntivirus\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Suvarna Trigune\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.reveantivirus.com\/blog\/#website\",\"url\":\"https:\/\/www.reveantivirus.com\/blog\/\",\"name\":\"REVE Antivirus\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.reveantivirus.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.reveantivirus.com\/blog\/en\/memcached-ddos-attack#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.reveantivirus.com\/blog\/wp-content\/uploads\/2018\/04\/shutterstock_515175310-min.jpg\",\"contentUrl\":\"https:\/\/www.reveantivirus.com\/blog\/wp-content\/uploads\/2018\/04\/shutterstock_515175310-min.jpg\",\"width\":800,\"height\":300,\"caption\":\"DDOS Attack\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.reveantivirus.com\/blog\/en\/memcached-ddos-attack#webpage\",\"url\":\"https:\/\/www.reveantivirus.com\/blog\/en\/memcached-ddos-attack\",\"name\":\"What is a Memcached DDoS Attack?\",\"isPartOf\":{\"@id\":\"https:\/\/www.reveantivirus.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.reveantivirus.com\/blog\/en\/memcached-ddos-attack#primaryimage\"},\"datePublished\":\"2018-04-03T12:59:49+00:00\",\"dateModified\":\"2019-08-19T10:34:02+00:00\",\"author\":{\"@id\":\"https:\/\/www.reveantivirus.com\/blog\/#\/schema\/person\/28c498c3d53797d74d040454be053d29\"},\"description\":\"Learn how Memcached DDoS attacks are executed by attackers and some useful preventive measures to avoid becoming a target.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.reveantivirus.com\/blog\/en\/memcached-ddos-attack#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.reveantivirus.com\/blog\/en\/memcached-ddos-attack\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.reveantivirus.com\/blog\/en\/memcached-ddos-attack#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.reveantivirus.com\/blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What is a Memcached DDoS Attack?\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.reveantivirus.com\/blog\/#\/schema\/person\/28c498c3d53797d74d040454be053d29\",\"name\":\"Suvarna Trigune\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.reveantivirus.com\/blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f465e5338b2d68368a4f146ead3eff44?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f465e5338b2d68368a4f146ead3eff44?s=96&d=mm&r=g\",\"caption\":\"Suvarna Trigune\"},\"description\":\"Suvarna Trigune is malware research engineer who likes to enlighten others about the unknown and little-known facts about cyber security through her blogs.\",\"sameAs\":[\"https:\/\/www.reveantivirus.com\/\"],\"url\":\"https:\/\/www.reveantivirus.com\/blog\/author\/suvarnatrigune\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"Learn how Memcached DDoS attacks are executed by attackers and some useful preventive measures to avoid becoming a target.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.reveantivirus.com\/blog\/en\/memcached-ddos-attack","og_locale":"en_US","og_type":"article","og_title":"What is a Memcached DDoS Attack?","og_description":"Learn how Memcached DDoS attacks are executed by attackers and some useful preventive measures to avoid becoming a target.","og_url":"https:\/\/www.reveantivirus.com\/blog\/en\/memcached-ddos-attack","og_site_name":"REVE Antivirus","article_publisher":"https:\/\/www.facebook.com\/REVE-Antivirus-733117470104716","article_published_time":"2018-04-03T12:59:49+00:00","article_modified_time":"2019-08-19T10:34:02+00:00","og_image":[{"width":800,"height":300,"url":"https:\/\/www.reveantivirus.com\/blog\/wp-content\/uploads\/2018\/04\/shutterstock_515175310-min.jpg","type":"image\/jpeg"}],"twitter_card":"summary","twitter_creator":"@REVEAntivirus","twitter_site":"@REVEAntivirus","twitter_misc":{"Written by":"Suvarna Trigune","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.reveantivirus.com\/blog\/#website","url":"https:\/\/www.reveantivirus.com\/blog\/","name":"REVE Antivirus","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.reveantivirus.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.reveantivirus.com\/blog\/en\/memcached-ddos-attack#primaryimage","inLanguage":"en-US","url":"https:\/\/www.reveantivirus.com\/blog\/wp-content\/uploads\/2018\/04\/shutterstock_515175310-min.jpg","contentUrl":"https:\/\/www.reveantivirus.com\/blog\/wp-content\/uploads\/2018\/04\/shutterstock_515175310-min.jpg","width":800,"height":300,"caption":"DDOS Attack"},{"@type":"WebPage","@id":"https:\/\/www.reveantivirus.com\/blog\/en\/memcached-ddos-attack#webpage","url":"https:\/\/www.reveantivirus.com\/blog\/en\/memcached-ddos-attack","name":"What is a Memcached DDoS Attack?","isPartOf":{"@id":"https:\/\/www.reveantivirus.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.reveantivirus.com\/blog\/en\/memcached-ddos-attack#primaryimage"},"datePublished":"2018-04-03T12:59:49+00:00","dateModified":"2019-08-19T10:34:02+00:00","author":{"@id":"https:\/\/www.reveantivirus.com\/blog\/#\/schema\/person\/28c498c3d53797d74d040454be053d29"},"description":"Learn how Memcached DDoS attacks are executed by attackers and some useful preventive measures to avoid becoming a target.","breadcrumb":{"@id":"https:\/\/www.reveantivirus.com\/blog\/en\/memcached-ddos-attack#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.reveantivirus.com\/blog\/en\/memcached-ddos-attack"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.reveantivirus.com\/blog\/en\/memcached-ddos-attack#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.reveantivirus.com\/blog"},{"@type":"ListItem","position":2,"name":"What is a Memcached DDoS Attack?"}]},{"@type":"Person","@id":"https:\/\/www.reveantivirus.com\/blog\/#\/schema\/person\/28c498c3d53797d74d040454be053d29","name":"Suvarna Trigune","image":{"@type":"ImageObject","@id":"https:\/\/www.reveantivirus.com\/blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/f465e5338b2d68368a4f146ead3eff44?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f465e5338b2d68368a4f146ead3eff44?s=96&d=mm&r=g","caption":"Suvarna Trigune"},"description":"Suvarna Trigune is malware research engineer who likes to enlighten others about the unknown and little-known facts about cyber security through her blogs.","sameAs":["https:\/\/www.reveantivirus.com\/"],"url":"https:\/\/www.reveantivirus.com\/blog\/author\/suvarnatrigune"}]}},"_links":{"self":[{"href":"https:\/\/www.reveantivirus.com\/blog\/wp-json\/wp\/v2\/posts\/4730"}],"collection":[{"href":"https:\/\/www.reveantivirus.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.reveantivirus.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.reveantivirus.com\/blog\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.reveantivirus.com\/blog\/wp-json\/wp\/v2\/comments?post=4730"}],"version-history":[{"count":19,"href":"https:\/\/www.reveantivirus.com\/blog\/wp-json\/wp\/v2\/posts\/4730\/revisions"}],"predecessor-version":[{"id":7867,"href":"https:\/\/www.reveantivirus.com\/blog\/wp-json\/wp\/v2\/posts\/4730\/revisions\/7867"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.reveantivirus.com\/blog\/wp-json\/wp\/v2\/media\/4824"}],"wp:attachment":[{"href":"https:\/\/www.reveantivirus.com\/blog\/wp-json\/wp\/v2\/media?parent=4730"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.reveantivirus.com\/blog\/wp-json\/wp\/v2\/categories?post=4730"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.reveantivirus.com\/blog\/wp-json\/wp\/v2\/tags?post=4730"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}