Overview of DDoS Memcrashed Exploit
Distributed denial of services attack is increasing in recent years, and different new attacks methods are introduced, memcrashed is one of them. It can blast website by applying terabytes of traffic. It basically works on exploiting the memchached program, which is an open-source, object-caching, and high-performance system. Commonly it has been used by social networks such as Facebook, Twitter etc. The program provides the ability to handle a large amount of input and output data. The trouble starts from cached memory of web-server session stored in users’ computer to speed up their sites. These Memcached are never meant to be available on the public internet, while incompetent administrators of the system can expose Memcached-enabled servers over the public network. If Memcached available on the internet come into the hands of attackers, they can use it to perform multiple distributed denial of service attacks.
Whenever a service receives a Memcached request, it collects all the values and information from memory, which are requested to form a response. After this, it has been sending over the internet in an uninterrupted stream of different UDP packets with a length of 1,400 bytes. The attacker has the ability to insert the records into the open Memcached server. Since the user can configure it, the attacker can insert a large amount of data. In order to use the data in the attacks, the attacker can store a large amount of value into the data store.
An attacker would not stop with only one vulnerable server but they will push multiple Memcached servers to perform a huge attack on their target. As a result, the attacks have the ability to hunt down any server in the world. Memcached DDoS exploit tool is widely used by attackers to send forged UDP packets to server. The main agenda of Memcached Distributed Denial of Service (DDoS) attack is to compromise the security of Memcached servers placed over the public internet.
Solutions to avoid Memcrashed Exploitation
The distributed denial of service attack (DDoS) is performed by using the Memcached servers, which are exposed on the public internet. These kinds of attacks take advantage of Memcached communication, which have been using UDP protocol for the transmission. Due to the high amplification ratio, the attack can cause a great loss of data and other services.
In order to avoid such attack, one set a firewall to make sure that Memcached services are only accessible by trusted services and hosts. The firewall has the ability to block all the access to the services, which are applying from the public internet.
Other than this, an organization can disable the connections over UDP and allow TCP connections if Memcached deployments do not depend on the use of UDP transport protocol. This kind of restriction can be used by configuring the firewalls.
With the adoption of the above solution techniques, one can reduce the chances of Memcrashed exploit with the help of Memcached services.