
Protection against memcached amplification DDoS attacks

   15.03.2018   attack, DDoS, security, services

Recently, a new DDoS record was set at 1.7 terabits per second. The attack took advantage of incorrectly configured memcached servers as reflectors. How can you protect yourself from such an attack?

DDoS attacks continue to be a popular instrument with cybercriminals, who use them for extortion, among other goals. In the major attacks of the past few weeks, misconfigured memcached servers were used as reflectors, i.e. as amplifiers. Memcached servers are known for being very fast because their databases are stored in RAM. In addition, they tend to be very stable and require only a minimum of computing power. But they are not intended for systems that are freely available on the Internet. Misconfigured memcached servers can be detected relatively easily and misused in so-called Memcached Reflection Attacks.

There are several methods of protection from such attacks:

Configuring the Memcached Server correctly

The most sustainable solution is to make sure that memcached servers are not accessible from the public network. You can ensure this in your own environment, but not in external environments. Awareness of the problem must therefore be fostered.
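
An added example, not part of the original article or aspectra's tooling: a Python check for your own memcached option file that flags a listener reachable beyond loopback or private ranges, and a UDP listener (the transport these reflection attacks rely on) that is not explicitly switched off. It assumes a Debian-style `memcached.conf` with one option per line; the function names and both sample configs are constructed for illustration.

```python
import ipaddress
import shlex

# Address ranges treated as internal: loopback, RFC 1918 and IPv6 unique-local.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7")]

def _host(addr):
    """Strip an optional port and IPv6 brackets from one -l entry."""
    addr = addr.strip()
    if addr.startswith("["):
        return addr[1:addr.index("]")]
    return addr.split(":")[0] if addr.count(":") == 1 else addr

def audit_memcached_conf(text):
    """Return exposure findings for a memcached.conf with one option per line."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if line.startswith("-"):
            parts = shlex.split(line)
            key, _, inline = parts[0].partition("=")
            opts[key] = inline or (parts[1] if len(parts) > 1 else "")
    findings = []
    listen = opts.get("-l") or opts.get("--listen")
    if not listen:
        findings.append("no -l option: memcached binds to all interfaces")
    for entry in (listen or "").split(","):
        host = _host(entry)
        if host in ("", "localhost"):
            continue
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"-l {host}: hostname, check what it resolves to")
            continue
        if ip.is_unspecified:
            findings.append(f"-l {host}: wildcard, binds to all interfaces")
        elif not any(ip in net for net in INTERNAL):
            findings.append(f"-l {host}: not a loopback or private address")
    if opts.get("-U", opts.get("--udp-port")) != "0":
        findings.append("UDP not explicitly disabled: add -U 0")
    return findings

# Constructed sample configs, not taken from a real host.
EXPOSED = "-m 64\n-p 11211\n-u memcache\n# -l 127.0.0.1\n-l 0.0.0.0\n"
HARDENED = "-m 64\n-p 11211\n-u memcache\n-l 127.0.0.1,[::1]:11211\n-U 0\n"

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit_memcached_conf(conf) or "ok")
```

A clean result only covers the daemon's own options; a host firewall rule for port 11211 is still worth checking separately.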

Mitigation in your own network

DDoS appliances can automatically mitigate attacks. aspectra employs special devices for this purpose, which check all traffic in front of our routers and, in case of an attack, block the corresponding packets.

Mitigation in the cloud

So-called scrubbing centres in the cloud clean the traffic before it reaches our own routers via the uplinks. aspectra has entered into a partnership with Akamai for this purpose. In addition to DDoS mitigation, Akamai offers further services that protect systems and free up resources.

Read more on memcached amplification attacks: