Memcached Amplification Attack (Memcrashed)

Information

Severity: Medium
Family: Denial of Service
CVSSv2 Base: 5.0
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Solution Type: Mitigation
Created: 6 years ago
Modified: 5 years ago

Summary

A publicly accessible Memcached server can be exploited to participate in a Distributed Denial of Service (DDoS) attack.

Insight

An amplification attack is a popular form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible Memcached servers to overwhelm a victim system with response traffic. The basic attack technique consists of an attacker sending a valid query request to a Memcached server with the source address spoofed to be the victim's address. When the Memcached server sends the response, it is sent to the victim instead. Attackers typically first insert records into the open server to maximize the amplification effect. Because the response is typically considerably larger than the request, the attacker is able to amplify the volume of traffic directed at the victim. By leveraging a botnet to perform additional spoofed queries, an attacker can produce an overwhelming amount of traffic with little effort. Additionally, because the responses are legitimate data coming from valid clients, it is especially difficult to block these types of attacks.

Solution

The following mitigation possibilities are currently available:

- Disable public access to the UDP port of this Memcached server.
- Configure Memcached to only listen on localhost by specifying '--listen 127.0.0.1' on server startup.
- Disable the UDP protocol by specifying '-U 0' on server startup.
- Update Memcached to 1.5.6, which disables the UDP protocol by default.
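The mitigations above can be checked against a server's startup arguments. The following is an added example, not part of the scanner or of Memcached: it reports the non-loopback addresses on which a given command line would still serve UDP. The function names are hypothetical, the sample command lines are constructed, and it assumes the pre-1.5.6 default UDP port of 11211 and that a missing listen option means all interfaces.

```python
import ipaddress
import shlex

UDP_OFF_BY_DEFAULT_SINCE = (1, 5, 6)   # per the Solution text above
LEGACY_DEFAULT_UDP_PORT = 11211        # assumed UDP default before 1.5.6
OPTION_NAMES = {"-l": "listen", "--listen": "listen",
                "-U": "udp", "--udp-port": "udp"}

def parse_options(argv):
    """Extract the listen address list and UDP port from startup arguments."""
    found = {"listen": None, "udp": None}
    args = iter(argv)
    for tok in args:
        key, eq, val = tok.partition("=")
        if key in OPTION_NAMES:                      # -U 0, --listen=ADDR
            found[OPTION_NAMES[key]] = val if eq else next(args, None)
        elif tok[:2] in ("-l", "-U"):                # attached form: -U0
            found[OPTION_NAMES[tok[:2]]] = tok[2:]
    return found

def is_loopback(host):
    """True only for addresses that cannot be reached from another machine."""
    if host.startswith("["):                 # [::1]:11211
        host = host[1:].split("]")[0]
    elif host.count(":") == 1:               # 127.0.0.1:11211
        host = host.split(":")[0]
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False   # empty or unresolved name: assume reachable

def udp_exposed_on(cmdline, version):
    """Return the non-loopback listen addresses that still serve UDP."""
    opts = parse_options(shlex.split(cmdline))
    if opts["udp"] is None:
        udp_port = 0 if version >= UDP_OFF_BY_DEFAULT_SINCE else LEGACY_DEFAULT_UDP_PORT
    else:
        udp_port = int(opts["udp"])
    if udp_port == 0:
        return []                            # UDP disabled: nothing to reflect
    hosts = (opts["listen"] or "").split(",")
    return [h or "<all interfaces>" for h in hosts if not is_loopback(h)]

if __name__ == "__main__":
    # Constructed sample command lines, not taken from a real host.
    for cmd, ver in [("-m 64 -p 11211", (1, 5, 5)),
                     ("-m 64 -p 11211 -l 127.0.0.1", (1, 5, 5)),
                     ("--listen=127.0.0.1,192.0.2.10 -U 11211", (1, 6, 0))]:
        print(ver, cmd, "->", udp_exposed_on(cmd, ver) or "no UDP exposure")
```

An empty result means the arguments alone do not expose UDP; it says nothing about firewall rules, which cover the first mitigation in the list.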

Common Vulnerabilities and Exposures (CVE)