web analytics

Memcached Amplification Attacks are already Breaking DDoS Records

Memcached Amplification Attacks are already Breaking DDoS Records

Earlier this week, had started to see some significant distributed denial-of-service (DDoS) attacks against its customers, reaching up to 260 Gb/s in bandwidth. Now Akamai has also experienced record-breaking DDoS attack of 1.3Tb/s. It is called ‘Memcached Amplification Attacks’.

Memcached-Enabled DDoS Attacks: As Cloudflare recently explained, attackers have found a way to send spoofed requests to vulnerable memcached servers that also have UDP support enabled. Due to how memcached works, the servers then respond to the requests with much larger packet sizes. The servers send those packets to the target IP (chosen by the attackers), which ends-up overwhelming that targets’ systems and interrupting its proper functioning.

Cloudflare saw attacks of up to 260 Gb/s against its customers. These were significant, but nowhere near the much larger attacks in the 1 Tb/s range we saw last year. On the other hand, one of Akamai’s customers seems to have experienced a memcached amplification attack that was five times larger than the 260 Gb/s attack Cloudflare saw earlier, reaching a peak of 1.3 Tb/s.

New DDoS Record: The impacted Akamai customer was , which uses Akamai for protection against DDoS attacks and for its content delivery network services. Akamai seems to have learned from last year’s Mirai attack, which peaked at 623 Gb/s, because this time it was much better prepared to handle DDoS attacks in the Tb/s range. Akamai was able to mitigate and then stop the 1.3 Tb/s attack less than 10 minutes after it started.

Akamai warned that it’s still early days for attackers using the memcached amplification DDoS technique and that we could be seeing much larger attacks in the future. The memcached amplification technique allows attackers to scale up their requests by over 50,000 times, so it shouldn’t take long until other malicious actors adopt it.

Akamai believes that the attacks could be largely mitigated if memcached server operators can rate limit traffic from source port 11211 and prevent traffic from entering and exiting their networks, but it noted that this could take time.

Credits: http://www.tomshardware.com/news/memcached-amplification-attack-akamai-record,36607.html

Summary
Memcached Amplification Attacks are already Breaking DDoS Records
Article Name
Memcached Amplification Attacks are already Breaking DDoS Records
Description
Earlier this week, Cloudflare had started to see some significant distributed denial-of-service (DDoS) attacks against its customers, reaching up to 260 Gb/s in bandwidth. Now Akamai has also experienced record-breaking DDoS attack of 1.3Tb/s. It is called 'Memcached Amplification Attacks'.
Author
Publisher Name
SoftcareCS
Publisher Logo
blank
SNR

Linux & Windows Geek, Blogger & System Administrator

Leave your message

Scroll Up