Phone : +91 9582 90 7788 | Email : sales@itmonteur.net


‘Kill Switch’ to Mitigate Memcached DDoS Attacks — Flush ‘Em All

Security researchers have discovered a “kill switch” that could help companies protect their websites against massive DDoS attacks launched using vulnerable Memcached servers.

Massive Memcached reflection DDoS attacks with an unprecedented amplification factor of 50,000 recently resulted in some of the largest DDoS attacks in history.

To make matters even worse, someone released proof-of-concept (PoC) exploit code for the Memcached amplification attack yesterday, making it easier for even script kiddies to launch massive cyber attacks.

Despite multiple warnings, more than 12,000 vulnerable Memcached servers with UDP support enabled are still accessible on the Internet, which could fuel more cyber attacks soon.

However, the good news is that researchers from Corero Network Security found a technique that lets DDoS victims send a simple command, i.e., “shutdown\r\n” or “flush_all\r\n”, back to the attacking Memcached servers in a loop in order to prevent amplification.

The flush_all command simply flushes the content (all keys and their values) stored in the cache, without restarting the Memcached server.

The company said its kill switch has been efficiently tested on live attacking Memcached servers and found to be 100% effective, and that it has already been disclosed to national security agencies.

Based on this finding, security researcher Amir Khashayar Mohammadi—who focuses on malware analysis, cryptanalysis, web exploitation, and other cyber attack vectors—has created and released a simple DDoS mitigation tool, dubbed Memfixed, that sends flush or shutdown commands to the vulnerable Memcached servers.

Written in Python, Memfixed automatically obtains a list of vulnerable Memcached servers using the Shodan API to trigger shutdown/flush commands.

Stealing Sensitive Data From Memcached Servers

What’s more, Corero researchers also claimed that the Memcached vulnerability (CVE-2018-1000115) is more extensive than initially reported, and can be exploited beyond leveraging it for a DDoS attack.

Without revealing any technical detail, the company said the Memcached vulnerability could also be exploited by remote attackers to steal or modify data from the vulnerable Memcached servers by issuing a simple debug command.

Dynamic database-driven websites use a Memcached application to improve their performance by caching data and objects in the RAM.

Since Memcached has been designed to be used without logins or passwords, attackers can remotely steal sensitive user data it has cached from its local network or host without requiring any authentication.

The data may include confidential database records, emails, website customer information, API data, Hadoop information and more.

“By using a simple debug command, hackers can reveal the ‘keys’ to your data and retrieve the owner’s data from the other side of the world,” the company said. “Additionally, it is also possible to maliciously modify the data and re-insert it into the cache without the knowledge of the Memcached owner.”

Server administrators are strongly advised to install the latest Memcached 1.5.6 version, which disables the UDP protocol by default to prevent amplification/reflection DDoS attacks.
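For administrators checking their own servers against the advice above, the following added example (not code from the article, Corero, or the Memcached project) audits a Memcached options file for an exposed UDP listener and an unauthenticated non-loopback listener. It assumes a Debian-style file with one short option per line (`-U`, `-l`, `-p`, `-S`); the function names and sample files are hypothetical.

```python
UDP_OFF_BY_DEFAULT_SINCE = (1, 5, 6)  # release the article says disables UDP by default
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# CONSTRUCTED sample files (Debian-style: one memcached option per line).
EXPOSED_CONF = "# legacy cache node\n-m 1024\n-p 11211\n-u memcache\n"
HARDENED_CONF = "-m 1024\n-p 11211\n-U 0          # UDP listener off\n-l 127.0.0.1\n"

def parse_options(conf_text):
    """Map short flags to their values, e.g. {'-U': '0', '-l': '127.0.0.1'}."""
    opts = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if len(line) >= 2 and line[0] == "-" and line[1] != "-":
            opts[line[:2]] = line[2:].strip()
    return opts

def is_loopback(addr):
    # Strip an optional ':port' suffix from IPv4/hostname entries only.
    host = addr.rsplit(":", 1)[0] if addr.count(":") == 1 else addr
    return host in LOOPBACK or host.startswith("127.")

def audit(conf_text, version):
    """Return [(code, message)]; an empty list means nothing was flagged."""
    opts = parse_options(conf_text)
    if "-U" in opts:
        udp_port = int(opts["-U"])
    elif version >= UDP_OFF_BY_DEFAULT_SINCE:
        udp_port = 0
    else:
        # Assumption: older builds open UDP on the TCP port (default 11211).
        udp_port = int(opts.get("-p") or 11211)
    listen = [a.strip() for a in opts.get("-l", "").split(",") if a.strip()]
    public = not listen or not all(is_loopback(a) for a in listen)
    findings = []
    if udp_port and public:
        findings.append(("UDP_EXPOSED", f"UDP {udp_port} listens beyond loopback; add '-U 0'"))
    elif udp_port:
        findings.append(("UDP_LOCAL", f"UDP {udp_port} on loopback only; add '-U 0' if unused"))
    if version < UDP_OFF_BY_DEFAULT_SINCE:
        findings.append(("OLD_VERSION", "upgrade to 1.5.6 or later"))
    if public and "-S" not in opts:
        findings.append(("NO_AUTH_PUBLIC", "unauthenticated listener beyond loopback; bind with '-l'"))
    return findings

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf, (1, 4, 25)))
```

Pass the version as a tuple taken from the output of `memcached -V` on the host being audited.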
