World's biggest DDoS attack record broken after just five days

Memcached attacks are going to be this year's thing

By Iain Thomson in San Francisco

Last week, the code repository GitHub was taken off air in a 1.3Tbps denial of service attack. We predicted then that there would be more such attacks and it seems we were right.

Arbor Networks is now reporting that a US service provider suffered a 1.7Tbps attack earlier this month. In this case, there were no outages as the provider had taken adequate safeguards, but it's clear that memcached attacks are something network managers are going to have to take seriously in the future.

Time to batten down the hatches

The attacks use shoddily secured memcached database servers to amplify traffic against a target. The assailant spoofs its victim's IP address as the source of a small UDP data packet and pings it at a memcached server that doesn't have an authenticated traffic requirement in place. The server responds by firing back as much as 50,000 times the data it received, and the reply lands on the spoofed address.

With multiple data packets sent out a second, the memcached server unwittingly amplifies the deluge of data that can be sent against the target. Without proper filtering and network management, the tsunami of data can be enough to knock some providers offline.

There are some simple mitigation techniques, notably blocking UDP traffic from port 11211, which is the default port for traffic from memcached servers. In addition, the operators of memcached servers need to lock down their systems to avoid taking part in such denial of service attacks.
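For server operators, the lock-down comes down to two memcached startup options: `-U` (UDP port, 0 turns it off) and `-l` (listen address). The following is an added example, not code from the article or from Arbor Networks: a small audit of memcached.conf-style text, in which the sample configs and finding codes are constructed for illustration and UDP is assumed to be on unless the config sets it to 0.

```python
import shlex

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample configs in memcached.conf style (one option per line).
EXPOSED = "-m 64\n-p 11211\n-u memcache\n-l 0.0.0.0\n"
HARDENED = "-m 64\n-p 11211\n-u memcache\n-l 127.0.0.1\n-U 0  # UDP off\n"

def parse_options(conf_text):
    """Return the UDP port and listen addresses set in the config text."""
    tokens = []
    for line in conf_text.splitlines():
        tokens.extend(shlex.split(line.split("#", 1)[0]))
    opts = {"udp_port": None, "listen": []}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("--udp-port="):
            opts["udp_port"] = int(tok.split("=", 1)[1])
        elif tok.startswith("--listen="):
            opts["listen"] = tok.split("=", 1)[1].split(",")
        elif tok == "-U" and i + 1 < len(tokens):
            i += 1
            opts["udp_port"] = int(tokens[i])
        elif tok == "-l" and i + 1 < len(tokens):
            i += 1
            opts["listen"] = tokens[i].split(",")
        i += 1
    return opts

def audit(conf_text):
    """Return finding codes; an empty list means no exposure was found."""
    opts = parse_options(conf_text)
    # Assumption: UDP counts as enabled unless the config sets the port to 0.
    udp_on = opts["udp_port"] != 0
    # No listen address, or any non-loopback one, is treated as reachable.
    public = not opts["listen"] or any(a not in LOOPBACK for a in opts["listen"])
    findings = []
    if udp_on and public:
        findings.append("udp-reachable")  # server could be used as a reflector
    elif udp_on:
        findings.append("udp-loopback-only")
    if public:
        findings.append("listen-non-loopback")
    return findings

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(conf) or "ok")
```

A clean result here only covers the daemon's own options; the port 11211 UDP filtering mentioned above still has to be checked at the network edge.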

"While the internet community is coming together to shut down access to the many open memcached servers out there, the sheer number of servers running memcached openly will make this a lasting vulnerability that attackers will exploit," said Carlos Morales, VP of sales, engineering and operations at Arbor Networks.

"It is critically important for companies to take the necessary steps to protect themselves."

It has been nearly five years since the first memcached attacks were reported, but in the last few weeks they have grown in popularity, and even include ransoms. It's clear these are going to be a feature unless memcached server operators get their act together. ®
