Memcached Amplification

6 March 2018

Last week saw several notable network incidents caused by a new DDoS amplification method that abuses the memcached database. Several DDoS mitigation providers, including Qrator Labs and Akamai, have confirmed that they were hit by this new kind of attack. The new attack type broke the record, reaching 1.3 Tbps of bandwidth. In response to this threat, the Qrator.Radar team has added detection of open-to-the-world memcached databases to our daily scan.

Memcached is an in-memory key-value store with a simple goal: return the value for a given key as fast as possible. It uses both TCP and UDP on port 11211, and on some Linux-based operating systems it listens on these ports on all interfaces by default. This created an opportunity for attackers to:

  1. Inject a key with a colossal value (50KB);
  2. Use IP spoofing to create a DDoS attack with an almost unlimited amplification rate!

We built our scan by sending the stats request across the whole IPv4 address space. Of course, this kind of request does not show the possible amplification rate, but we decided that we cannot inject any data into third-party databases, even with good intent. Over the previous week the number of vulnerable services has decreased dramatically.

A significant part of this decrease was the result of homework done by several huge ISPs: AS37963 (Alibaba) -5223, AS16276 (OVH) -2388 and AS4134 (China Telecom) -1631. Still, there are more than 8000 services that haven’t been fixed. We encourage all ISPs to check their networks and fix services that can be used as amplifiers for DDoS attacks.
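For operators checking their own hosts, the following added example (not Qrator.Radar's scan code) classifies UDP listeners on port 11211 from the output of `ss -H -lun` by the address they are bound to. It assumes a Linux host with iproute2; the sample output and the function names are constructed for illustration.

```python
import ipaddress
import re

MEMCACHED_PORT = 11211  # port named in the article (TCP and UDP)

# Constructed sample of `ss -H -lun` output, not captured from a real host.
SAMPLE_SS_OUTPUT = """\
UNCONN 0 0 0.0.0.0:11211 0.0.0.0:*
UNCONN 0 0 127.0.0.1:11211 0.0.0.0:*
UNCONN 0 0 [::]:11211 [::]:*
UNCONN 0 0 192.0.2.10%eth0:11211 0.0.0.0:*
UNCONN 0 0 0.0.0.0:68 0.0.0.0:*
"""

# An endpoint token is "<address>:<port>" where port is digits or "*".
_ENDPOINT = re.compile(r"(.+):(\d+|\*)")


def classify_bind(addr):
    """Return 'wildcard', 'loopback' or 'specific' for a local bind address."""
    bare = addr.split("%", 1)[0].strip("[]")  # drop %iface and IPv6 brackets
    if bare == "*":
        return "wildcard"
    ip = ipaddress.ip_address(bare)
    if ip.is_unspecified:
        return "wildcard"
    return "loopback" if ip.is_loopback else "specific"


def memcached_udp_listeners(ss_output, port=MEMCACHED_PORT):
    """List (local_address, classification) for UDP sockets bound to `port`."""
    findings = []
    for line in ss_output.splitlines():
        endpoints = [m for m in map(_ENDPOINT.fullmatch, line.split()) if m]
        if not endpoints:
            continue  # header or blank line
        addr, local_port = endpoints[0].groups()  # local precedes peer
        if local_port != str(port):
            continue
        try:
            findings.append((addr, classify_bind(addr)))
        except ValueError:
            findings.append((addr, "unparsed"))
    return findings


def needs_attention(findings):
    """Addresses where memcached UDP is reachable beyond loopback."""
    return [addr for addr, kind in findings if kind != "loopback"]
```

A `wildcard` result matches the listen-on-all-interfaces default described above; a `specific` address still needs a firewall check to confirm it is not reachable from the Internet.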
