Corero Network Security Discovers Memcached DDoS Attack “Kill Switch” And Also Reveals Memc…

  • Corero active defence countermeasure benignly “suppresses” Memcached
    DDoS attack threat while leaving compromised servers online;
  • Corero researchers reveal that Memcached can be exploited by attackers
    to steal or modify data from vulnerable Memcached servers;
  • ‘Kill switch’ is available to Corero customers to defend themselves.
    Corero Smartwall can issue this command in response to incoming
    attacks. Corero has also disclosed the fix to national security
  • Memcached DDoS attacks or Memcached data theft is currently a
    potential issue for up to 95,000 vulnerable servers worldwide.

MARLBOROUGH, Mass. & LONDON–(BUSINESS WIRE)–Corero Network Security has today disclosed the existence of a practical “kill switch” countermeasure for the Memcached vulnerability, responsible for some of the largest DDoS attacks ever recorded, to national security agencies. At the same time, the company has revealed that the vulnerability is more extensive than originally reported – and can also be used by attackers to steal or modify data from the vulnerable Memcached servers.

Memcached is an open source memory caching system that stores data in RAM to speed up access times. It was not originally designed to be accessible from the Internet, as access does not require authentication. The exploit works by allowing attackers to generate spoofed requests and amplify DDoS attacks by up to 50,000 times to create an unprecedented flood of attack traffic. In the last week, these massive attacks have overwhelmed specific targets such as GitHub, and flooded service providers to degrade service availability.

There are currently over 95,000 servers worldwide answering on TCP or UDP port 11211 from the internet, which could potentially be used by attackers to launch DDoS attacks or expose customer data.

Ashley Stephenson, CEO at Corero Network Security, explains: “


represents a new chapter in DDoS attack executions. Previously, the most recent record-breaking attacks were being orchestrated from relatively low bandwidth Internet of Things (IoT) devices. In contrast, these Memcached servers are typically connected to higher bandwidth networks and, as a result of high amplification factors, are delivering data avalanches to crippling effect. Unless operators of Memcached servers take action, these attacks will continue


More Complex Capabilities

Any Memcached server that can be forced into participating in a DDoS attack towards the Internet can also be coaxed into divulging user data it has cached from its local network or host. This may include confidential database records, website customer information, emails, API data, Hadoop information and more.

The Memcached protocol was designed to be used without logins or passwords, meaning that anything you add to a vulnerable Memcached server can be stolen by anyone on the internet, without a login, password or audit trail. By using a simple debug command, hackers can reveal the ‘keys’ to your data and retrieve the owner’s data from the other side of the world. Additionally, it is also possible to maliciously modify the data and reinsert it into the cache without the knowledge of the Memcached owner.

Despite repeated warnings by the Memcached developer community and large IT vendors about security risks, default configurations for some of the latest operating systems and cloud computer services still allow ubiquitous access to the Memcached service and customers’ private data.
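For operators checking their own servers against the exposure described above, the following added example (not from Corero or the Memcached project) audits a Debian-style `memcached.conf` for the three conditions the text names: reachable from beyond the local host, UDP enabled, and no authentication. It assumes one short option per line (`-l`, `-U`, `-S`); the sample configuration and function names are constructed for illustration.

```python
import ipaddress
import shlex

SAMPLE_CONF = """\
# constructed sample, Debian-style memcached.conf (one option per line)
-m 64
-p 11211
-u memcache
-l 0.0.0.0
"""

def parse_options(conf_text):
    """Return {flag: value} for option lines, ignoring comments and blanks."""
    opts = {}
    for line in conf_text.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens and tokens[0].startswith("-"):
            opts[tokens[0]] = tokens[1] if len(tokens) > 1 else ""
    return opts

def is_local_only(listen_value):
    """True only if every address given to -l is a loopback address."""
    for addr in (a.strip() for a in listen_value.split(",")):
        try:
            if not ipaddress.ip_address(addr).is_loopback:
                return False
        except ValueError:
            # Hostname, interface or host:port form: assume exposed
            # unless it is plainly "localhost".
            if addr != "localhost":
                return False
    return True

def audit(conf_text):
    """List exposure findings for one memcached configuration."""
    opts = parse_options(conf_text)
    findings = []
    listen = opts.get("-l")
    if listen is None:
        findings.append("no -l: listens on all interfaces")
    elif not is_local_only(listen):
        findings.append(f"-l {listen}: reachable beyond loopback")
    udp = opts.get("-U")
    if udp is None:
        findings.append("no -U: UDP depends on version default; set -U 0")
    elif udp != "0":
        findings.append(f"-U {udp}: UDP listener enabled")
    if "-S" not in opts:
        findings.append("no -S: clients are not authenticated")
    return findings
```

An empty list from `audit()` means the file binds to loopback only, disables UDP explicitly and enables SASL; a host firewall rule on port 11211 is still worth having as a second layer.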

Ashley Stephenson explains: “While this blatant lapse of security is relatively clear to the accomplished security practitioner or hacker, it is not known to the increasingly business-oriented, non-technical user who is clicking a button to set up a new server in the cloud. There are dozens of US-CERT CVE and obscure security warnings related to Memcached but few of them address the clearly obvious issue of leaving the front door open on the internet for anyone to come in and take your data.”

The Kill Switch

This week, Corero discovered an effective ‘kill switch’ to the Memcached vulnerability that sends a command back to an attacking server to suppress the current DDoS exploitation. The “flush_all” countermeasure has been disclosed to national security agencies for action. It invalidates a vulnerable server’s cache, including the large, potentially malicious payload planted there by attackers.

The countermeasure quench packet has been tested on live attacking servers and appears to be 100% effective. It has not been observed to cause any collateral damage.

Ashley Stephenson continues: “Ironically, the Memcached utility was intended to cache frequently-used web pages and data to boost legitimate performance. But this utility has now been weaponized to exploit its performance boosting potential for illegitimate purposes.”

About Corero Network Security

Corero Network Security is the leader in real-time, high-performance DDoS defense solutions. Service providers, hosting providers and digital enterprises rely on Corero’s award-winning technology to eliminate the DDoS threat to their environment through automatic attack detection and mitigation, coupled with complete network visibility, analytics and reporting. This industry-leading technology provides cost-effective, scalable protection capabilities against DDoS attacks in the most complex environments while enabling a more cost-effective economic model than previously available.

For more information, visit .


