For the last few days, Vulnerable Memcached Servers were targeted by hackers to conducted DDoS attacks including the world’s largest ever 1.7 Tbps of DDoS attack on Github website.

After the massive attacks on memcache servers worldwide three PoC codes were published online to exploit the thousands of Memcache servers still vulnerable. Along with PoC code a list of 17,000 vulnerable servers were also published. The PoC codes could allow even script-kiddies to launch massive DDoS attacks using UDP reflections easily.

But now the researchers at SPUZ.me have released a new tool to shutdown all vulnearble sers at one go. The tool is named as Memfixed. According to the publisher: Memfixed is DDoS mitigation tool for sending flush or shutdown commands to vulnerable Memcached servers obtained using Shodan API.

This tool is written in python and this allows you to shutdown/flush vulnerable Memcached servers obtained from Shodan search engine and utilising the killswitch published by a security researcher dormando. He has discovered a “kill switch” to counteract the Memcached vulnerability that recently fueled some of the largest distributed denial-of-service (DDoS) attacks in history. The tool also has the capability of shutting down or flushing specific vulnerable memcached servers for companies/services being attacked (assuming the user knows its IP address).

Memcached DDoS Exploit Code
Poc code to exploit vulnerable Memcache servers

Memcached is a popular open source distributed memory caching system, which came into news earlier last week when researchers detailed how hackers could abuse it to launch amplification/reflection DDoS attack by sending a forged request to the targeted Memcached server on port 11211 using a spoofed IP address that matches the victim's IP.

For those unaware, Memcached-based amplification/reflection attack amplifies bandwidth of the DDoS attacks by a factor of 51,000 by exploiting thousands of misconfigured Memcached servers left exposed on the Internet.

Post a Comment Blogger