Add Your Heading Text Here

Share it:

Proofs-of-concept (PoC) exploit code for Memcached amplification attack have been shared online that could allow non-programmers to execute massive DDoS attacks using UDP reflections.

Last week there were two record-breaking DDoS attacks—1.35 Tbps hit Github and 1.7 Tbps attack against a certain US-based company using a technique called amplification/reflection attack.

By exploiting thousands of misconfigured Memcached servers left exposed on the Internet, Memcached-based amplification/reflection attack amplifies bandwidth of the DDoS attacks by a factor of 51,000.

Proof-of-Concept:

Memcacrashed.py is a python script that scans Shodan for IPs of vulnerable Memcached servers and allows a user to launch a DDoS attack against a desired target within seconds of running the tool.

Here is the link to the Memcacrashed.py :   https://cxsecurity.com/issue/WLB-2018030060

Proof-of-concept 2:

The author is PoC 2 is unknown, but the PoC 2 is written in C.

Here is the link to Proof-of-concept 2:  https://pastebin.com/ZiUeinae

Solution Against Memcached DDos Attack:

To mitigate the attack and prevent Memcached servers from being abused,  entirely disable UDP support if not in use.

#ISA_informs

#ISA_ltd

Latest Post
Categories
Information Security Architects (ISA) Ltd is one of the leading Data Privacy and Security Practitioners in Ghana West Africa.
Services
Products
Newsletter

Sign up our newsletter for update information, insight and promotion.

Facebook Instagram Twitter Linkedin
Copyright © 2021, All rights reserved. Powered by Lynt Digital.