Two separate proof-of-concept (PoC) exploits for the Memcached amplification attack have been released online that could allow even script-kiddies to launch massive DDoS attacks using UDP reflections easily.
The first DDoS tool is written in the C programming language and works with a pre-compiled list of vulnerable Memcached servers.
Bonus: its description already includes a list of nearly 17,000 potentially vulnerable Memcached servers left exposed on the Internet.
The second Memcached DDoS attack tool, by contrast, is written in Python and uses the Shodan search engine API to obtain a fresh list of vulnerable Memcached servers, then sends spoofed-source UDP packets to each server.
Last week we saw two record-breaking DDoS attacks (1.35 Tbps hitting GitHub and a 1.7 Tbps attack against an unnamed US-based company), which were carried out using a technique called amplification/reflection attack.
For those unaware, a Memcached-based amplification/reflection attack amplifies the bandwidth of DDoS attacks by a factor of 51,000 by exploiting thousands of misconfigured Memcached servers left exposed on the Internet.
Memcached is a popular open source distributed memory caching system, which came into the news earlier last week when researchers detailed how hackers could abuse it to launch an amplification/reflection DDoS attack by sending a forged request to the targeted Memcached server on port 11211 using a spoofed IP address that matches the victim's IP.
A few bytes of the request sent to the vulnerable Memcached server can trigger a response tens of thousands of times bigger against the targeted IP address, resulting in a powerful DDoS attack.
For a detailed explanation of how the Memcached amplification attack works, you can head on to our previous article.
Since last week, when Memcached was revealed as a new amplification/reflection attack vector, some hacking groups have started exploiting unsecured Memcached servers.
But now the situation will get worse with the release of PoC exploit code, allowing anyone to launch massive DDoS attacks, and will not come under control until the last vulnerable Memcached server is patched, or firewalled on port 11211, or completely taken offline.
Moreover, cybercriminal groups have already started weaponizing this new DDoS technique to threaten big websites for extorting money.
Following last week's DDoS attack on GitHub, Akamai reported its customers received extortion messages delivered alongside the typically "junk-filled" attack payloads, asking them for 50 XMR (Monero coins), valued at over $15,000.
Reflection/amplification attacks are not new. Attackers have previously used this DDoS attack technique to exploit flaws in DNS, NTP, SNMP, SSDP, Chargen and other protocols in order to maximize the scale of their cyber attacks.
To mitigate the attack and prevent Memcached servers from being abused as reflectors, the best option is to bind Memcached to a local interface only or entirely disable UDP support if not in use.
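An operator can check a server's configuration for the two mitigations above with a short audit script. The following is an added example, not code from the article or from the Memcached project; it assumes a config file with one option per line (as in Debian-style `memcached.conf`) using Memcached's `-l`/`--listen` and `-U`/`--udp-port` options, and the sample configs are constructed.

```python
import ipaddress
import shlex

# Constructed sample configs, one option per line (Debian-style memcached.conf).
EXPOSED_CONF = "# defaults\n-m 64\n-p 11211\n-l 0.0.0.0\n"
HARDENED_CONF = "-m 64\n-p 11211\n-l 127.0.0.1,::1\n-U 0\n"


def parse_options(conf_text):
    """Collect the -l/--listen and -U/--udp-port values from config text."""
    opts = {"listen": None, "udp_port": None}
    for line in conf_text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comments
        if not tokens:
            continue
        flag, _, inline = tokens[0].partition("=")
        value = inline or (tokens[1] if len(tokens) > 1 else "")
        if flag in ("-l", "--listen"):
            opts["listen"] = value
        elif flag in ("-U", "--udp-port"):
            opts["udp_port"] = value
    return opts


def is_loopback(addr):
    """True for 'localhost' or a loopback IP literal; else not proven local."""
    host = addr.strip()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # hostnames and host:port forms are treated as non-local


def audit(conf_text):
    """Return findings that leave this instance usable as a UDP reflector."""
    opts = parse_options(conf_text)
    findings = []
    if opts["udp_port"] != "0":
        findings.append("UDP not explicitly disabled: add -U 0")
    listen = opts["listen"]
    if not listen or not all(is_loopback(a) for a in listen.split(",")):
        findings.append("not bound to a local interface only: use -l 127.0.0.1")
    return findings


if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "OK")
```

The check is deliberately conservative: a missing `-U` line is reported because whether UDP is on by default depends on the Memcached version in use.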