Threat Intelligence ReportEclecticIQ Fusion Center Report: DDoS Attack Stemming from Memcached Servers Hits GitHub (English)
Earlier this week Cloudflare and various security researchers were reporting on an obscure amplification attack vector using the memcached protocol, coming from UDP port 11211. On Wednesday. GitHub experienced a DDoS attack stemming from memcached servers.
Report from EclecticIQ Fusion Center from Friday 2 March 2018.
- Memcached DDoS attacks don't require a malware-driven botnet.
- The attack (in Tbps) appears to be the largest seen, which surpassed the 2016 Dyn DNS DDoS.
- Attackers spoof the IP address of their victim(s) and send small queries to multiple memcached servers that are designed to elicit a larger response.
- According to Shodan, there are over 119,491 devices with port 11211 exposed to the internet.