There have been multiple reports of Memcached servers being exploited in massive DDoS attacks this week. Oracle Dyn users are protected.
Memcached is an open source software that many organizations install on their servers to increase backend performance. Due to its large amplification potential and the fact that many organizations deploy Memcached hosts that are accessible from the public Internet, this is of significant concern. Attackers can simply search for those hosts and exploit them by sending specific packet types to execute high-volume DDoS attacks.
The attack vector is UDP Port 11211, which is typically associated with Memcached services. Some attacks reported to date have exceeded 400Gbps at their peaks.
Oracle Dyn first observed and was successfully able to mitigate an attack of 45Gbps early Wednesday, February 28th.
“The Memcached DDoS threat vector is the latest example in a growing number of amplification vulnerabilities that are exploiting the connectionless nature of the UDP protocol,” described Leon Kuperman, Vice President, Software Development at Oracle. “We are staying vigilant and are preparing for a potential escalation of these types of attacks.”
The increased number of attacks of this nature and the fairly simplistic means of execution, further underscores the importance of automated, scalable DDoS protection.
For further information, see: https://www.us-cert.gov/ncas/alerts/TA14-017A.
If you are concerned about this recent wave of high-volume DDoS attacks and would like more information on how your organization can leverage Oracle Dyn’s advanced DDoS protection, visit https://dyn.com/ddos-protection/.