Bobcares

WeSupport

Call Us! 1-800-383-5193
Call Us! 1-800-383-5193
Call Us! 1-800-383-5193

Need Help?

Emergency Response Time custom

Our experts have had an average response time of 11.98 minutes in June 2021 to fix urgent issues.

We will keep your servers stable, secure and fast at all times for one fixed price.

Memcached DDOS attack – How can we prevent the attack

by | Feb 22, 2021

Stuck with a Memcached DDOS attack? We can help you.

Most of the time the vulnerable Memcached service is there by accident. We can find out if the server is under this attack by analyzing the bandwidth usage pattern.

As part of our Server Management Services, we assist our customers with several such attacks.

Today, let us see how our Support Engineers work in order to prevent the Memcached DDOS attack.

 

Memcached DDOS attack

Memcached is just one service or process that runs on a server. Most of the time the vulnerable Memcached service is there by accident.

Attackers exploit Memcached reflection vulnerabilities to launch large denial-of-service attacks against target organizations.

If we analyze the bandwidth usage pattern, we can find if the server is vulnerable to this attack.

 

Solutions to prevent Memcached DDOS attack

  • Disable UDP

We have to make sure to disable UDP support if unnecessary. By default, Memcached has UDP support enabled, potentially leaving a server vulnerable.

  • Firewall Memcached servers

Firewalling Memcached servers from the Internet helps system administrators to use UDP for Memcached if necessary without exposure.

  • Prevent IP spoofing

Preventing IP spoofing is a larger solution. However, It is not easy to implement by any particular system administrator It requires transit providers to not allow any packets to leave their network that has a source IP address originating outside the network.

In other words, if all major transit providers implemented this type of filtration, spoofing-based attacks would disappear overnight.

  • Develop software with reduced UDP responses

Another possible method is to remove the amplification factor to any incoming request. If the response data sent as a result of a UDP request is smaller than or equal to the initial request, amplification is no longer possible.

 

Disable UDP

Furthermore, let us see how our Support Techs disable UDP in detail.

For Memcached services on CentOS and Fedora servers, we can adjust the service parameters by editing the /etc/sysconfig/memcached file with vi.

For instance,

#netstat -plunt | grep memcached
tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 1916/memcached
tcp6 0 0 :::11211 :::* LISTEN 1916/memcached
udp 0 0 0.0.0.0:11211 0.0.0.0:* 1916/memcached
udp6 0 0 :::11211 :::* 1916/memcached

To secure this we need to disable the Memcache listening to UDP port by editing the Memcached conf:

vi /etc/sysconfig/memcached

Similarly, to make Memcached listen to 127.0.0.1 and disable UDP we need to add the below line in /etc/sysconfig/memcached

/etc/sysconfig/memcached
OPTIONS=”-l 127.0.0.1 -U 0″

Eventually, save and close the file.

Then we restart the Memcached service to apply changes:

sudo service Memcached restart

To verify that Memcached is currently bound to the local interface and listen only for TCP, we run:

netstat -plunt | grep memcached
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 1946/memcached

[root@server1 /]# netstat -plunt | grep memcached
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 11985/memcached

[Still, stuck with the attack? We’d be happy to resolve them for you]

 

Conclusion

In short, Memcached DDOS attacks occur mostly by accident. In order to prevent it, our Support Techs suggest to Disable UDP, Firewall Memcached servers, etc.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *