Corero Network Security Discovers Memcached DDoS Attack “Kill Switch” And Also Reveals Memc…

  • Corero active defence countermeasure benignly “suppresses” Memcached
    DDoS attack threat while leaving compromised servers online;
  • Corero researchers reveal that Memcached can be exploited by attackers
    to steal or modify data from vulnerable Memcached servers;
  • ‘Kill switch’ is available to Corero customers to defend themselves.
    Corero Smartwall can issue this command in response to incoming
    attacks. Corero has also disclosed the fix to national security
  • Memcached DDoS attacks or Memcached data theft is currently a
    potential issue for up to 95,000 vulnerable servers worldwide.

MARLBOROUGH, Mass. & LONDON–(BUSINESS WIRE)–Corero Network Security has today disclosed the existence of a practical “kill switch” countermeasure for the Memcached vulnerability, responsible for some of the largest DDoS attacks ever recorded, to national security agencies. At the same time, the company has revealed that the vulnerability is more extensive than originally reported – and can also be used by attackers to steal or modify data from the vulnerable Memcached servers.

Memcached is an open source memory caching system that stores data in RAM to speed up access times. It was not originally designed to be accessible from the Internet, as access does not require authentication. The exploit works by allowing attackers to generate spoof requests and amplify DDoS attacks by up to 50,000 times to create an unprecedented flood of attack traffic. In the last week, these massive attacks have overwhelmed specific targets such as GitHub, and flooded service providers to degrade service availability.

There are currently over 95,000 servers worldwide answering on TCP or UDP port 11211 from the internet, which could potentially be used by attackers to launch DDoS attacks or expose customer data.

Ashley Stephenson, CEO at Corero Network Security, explains: “ represents a new chapter in DDoS attack executions. Previously, the most recent record-breaking attacks were being orchestrated from relatively low bandwidth Internet of Things (IoT) devices. In contrast, these Memcached servers are typically connected to higher bandwidth networks and, as a result of high amplification factors, are delivering data avalanches to crippling effect. Unless operators of Memcached servers take action, these attacks will continue

More Complex Capabilities

Any Memcached server that can be forced into participating in a DDoS attack towards the Internet can also be coaxed into divulging user data it has cached from its local network or host. This may include confidential database records, website customer information, emails, API data, Hadoop information and more.

The Memcached protocol was designed to be used without logins or passwords, meaning that anything you add to a vulnerable Memcached server can be stolen by anyone on the internet, without a login, password or audit trail. By using a simple debug command, hackers can reveal the ‘keys’ to your data and retrieve the owner’s data from the other side of the world. Additionally, it is also possible to maliciously modify the data and reinsert it into the cache without the knowledge of the Memcached owner.

Despite repeated warnings by the Memcached developer community and large IT vendors about security risks, default configurations for some of the latest operating systems and cloud computer services still allow ubiquitous access to the Memcached service and customers’ private data.
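A defender-side check for the exposure described above, as an added example that is not part of the original release: it audits memcached startup options for a listener reachable beyond loopback, missing SASL authentication, and UDP left enabled. The one-option-per-line file layout and both sample configurations are assumptions constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample configurations (one memcached option per line).
WEAK_CONF = "# defaults left in place\n-m 64\n-p 11211\n-u memcache\n"
HARDENED_CONF = "-m 64\n-l 127.0.0.1,::1\n-U 0\n"

def parse_options(conf_text):
    """Collect the exposure-relevant memcached options from config text."""
    opts = {"listen": [], "udp_port": None, "sasl": False}
    for line in conf_text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comments
        if not tokens:
            continue
        flag, _, inline = tokens[0].partition("=")  # supports --listen=addr
        value = inline or (tokens[1] if len(tokens) > 1 else "")
        if flag in ("-l", "--listen"):
            opts["listen"] += [a.strip() for a in value.split(",") if a.strip()]
        elif flag in ("-U", "--udp-port"):
            opts["udp_port"] = int(value)
        elif flag in ("-S", "--enable-sasl"):
            opts["sasl"] = True
    return opts

def is_loopback(addr):
    """True only for addresses that cannot be reached from another host."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # other hostnames or host:port forms: assume reachable

def audit(conf_text):
    """Return a list of findings; an empty list means no exposure found."""
    opts = parse_options(conf_text)
    # With no -l option memcached binds every interface.
    exposed = not opts["listen"] or any(not is_loopback(a) for a in opts["listen"])
    if not exposed:
        return []
    findings = ["listens-beyond-loopback"]
    if not opts["sasl"]:
        findings.append("no-authentication")
    if opts["udp_port"] != 0:  # -U 0 is the explicit way to turn UDP off
        findings.append("udp-not-disabled")
    return findings

if __name__ == "__main__":
    print("weak:", audit(WEAK_CONF))
    print("hardened:", audit(HARDENED_CONF))
```

A listener bound beyond loopback should also be restricted by firewall rules on TCP and UDP port 11211, which this configuration check cannot see.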

Ashley Stephenson explains: “While this blatant lapse of security is relatively clear to the accomplished security practitioner or hacker, it is not known to the increasingly business-oriented, non-technical user who is clicking a button to set up a new server in the cloud. There are dozens of US-CERT CVE and obscure security warnings related to Memcached but few of them address the clearly obvious issue of leaving the front door open on the internet for anyone to come in and take your data.”

The Kill Switch

This week, Corero discovered an effective ‘kill switch’ to the Memcached vulnerability that sends a command back to an attacking server to suppress the current DDoS exploitation. The “flush_all” countermeasure has been disclosed to national security agencies for action. It invalidates a vulnerable server’s cache, including the large, potentially malicious payload planted there by attackers.

The countermeasure quench packet has been tested on live attacking servers and appears to be 100% effective. It has not been observed to cause any collateral damage.

Ashley Stephenson continues: “Ironically, the Memcached utility was intended to cache frequently-used web pages and data to boost legitimate performance. But this utility has now been weaponized to exploit its performance boosting potential for illegitimate purposes.”

About Corero Network Security

Corero Network Security is the leader in real-time, high-performance DDoS defense solutions. Service providers, hosting providers and digital enterprises rely on Corero’s award winning technology to eliminate the DDoS threat to their environment through automatic attack detection and mitigation, coupled with complete network visibility, analytics and reporting. This industry leading technology provides cost effective, scalable protection capabilities against DDoS attacks in the most complex environments while enabling a more cost effective economic model than previously available.

For more information, visit .


