This "Kill Switch" will Mitigate the Memcached DDoS Attack

Last week we saw the biggest 1 Tbps-plus DDoS attack on GitHub and other networks, caused mainly by memcached running on servers. The attacks are so potent because memcached servers amplify requests carrying a target's spoofed IP address by a factor of 50,000.

Now here is some good news for server admins. DDoS protection firm Corero says it has found a kill switch that will mitigate this memcached DDoS issue 100 percent. Corero says it has tested its kill switch on real attacking servers and got 100 percent success results.

This memcached issue has now been assigned CVE-2018-1000115, which identifies memcached version 1.5.5 as having an "Insufficient control of Network Message Volume vulnerability in the UDP support of the memcached server that can result in denial of service via network flood".

After the attack on GitHub, unknown users also posted an exploit for the memcached DDoS on the internet, which makes other attackers' work easier. Before the attack, Rapid7's Project Sonar internet scanner detected nearly 140,000 open memcached devices. As of March 1, this has dropped to 58,000. Exposed memcached servers with UDP enabled have also fallen from 18,000 on March 1 to under 12,000 on March 5.

Still, thousands of servers remain vulnerable to the memcached DDoS attack. Another nasty thing to know is that hundreds of these servers still run older versions of memcached, which are also exposed to remote code execution flaws that could allow them to be used as part of a botnet.
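For admins who want to check their own hosts, the following is an added example (not from Corero or the original article, and not the kill switch itself) that classifies a memcached command line by whether its UDP listener is reachable. It assumes memcached's `-U`/`--udp-port` and `-l`/`--listen` options and that UDP is off by default from 1.5.6 onward; the function names and sample command lines are constructed for illustration.

```python
import ipaddress
import shlex

UDP_OFF_BY_DEFAULT = (1, 5, 6)  # assumption: 1.5.6+ no longer enables UDP by default

def _option(args, short, long):
    """Return the last value given for an option ('-U 0', '-U0', '--udp-port=0')."""
    value = None
    for i, arg in enumerate(args):
        if arg == short and i + 1 < len(args):
            value = args[i + 1]
        elif arg.startswith(short) and len(arg) > 2:
            value = arg[2:]
        elif arg.startswith(long + "="):
            value = arg.split("=", 1)[1]
    return value

def _is_loopback(addr):
    host = addr.strip()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # hostname or host:port form: fail closed, treat as reachable

def udp_exposure(cmdline, version):
    """Classify one memcached command line; version is plain dotted, e.g. '1.5.5'."""
    args = shlex.split(cmdline)
    udp = _option(args, "-U", "--udp-port")
    if udp is None:
        enabled = tuple(map(int, version.split("."))) < UDP_OFF_BY_DEFAULT
    else:
        enabled = int(udp) != 0
    if not enabled:
        return "udp-disabled"
    listen = _option(args, "-l", "--listen")  # absent means all interfaces
    if listen and all(_is_loopback(a) for a in listen.split(",")):
        return "udp-loopback-only"
    return "udp-exposed"

# Constructed sample command lines, not taken from any real host.
SAMPLES = [
    ("memcached -d -m 64 -p 11211 -u memcache", "1.5.5"),
    ("memcached -d -p 11211 -U 0 -u memcache", "1.5.5"),
    ("memcached -p 11211 -l 127.0.0.1", "1.4.25"),
    ("memcached --udp-port=11211 --listen=0.0.0.0", "1.5.6"),
]

if __name__ == "__main__":
    for cmd, ver in SAMPLES:
        print(f"{udp_exposure(cmd, ver):18} {ver:7} {cmd}")
```

Any host reported as `udp-exposed` should have UDP turned off with `-U 0` or be bound to a non-public address and firewalled.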


With ❤️ Cyber Kendra