MemCached Attacks Persist


Jigsaw Security utilizes the FirstWatch sensor to protect not only our network and resources but also those of our customers. During the last 2 months we have been seeing large numbers of MemCached attacks being used in DDoS (distributed denial of service) operations.

Memcached is an open source tool that puts frequently used data into memory so that it can be accessed faster. While this is normally a good thing, it is causing big issues for providers that are being attacked through poorly configured or unpatched servers. There are approximately 112,000 servers that are publicly facing and vulnerable. This pool of servers is being heavily utilized to carry out denial of service attacks, generating traffic at levels never before seen in these attacks.

The biggest issue with MemCached is that it can be accessed by nearly anybody. Like other cloud services, it was created for ease of use, with no real security options enabled by default.

Seeing Thousands Per Day

We have been observing thousands of probes per day on TCP and UDP port 11211, indicating that attackers are looking for this service. Jigsaw Security protected networks are NOT vulnerable to this attack. Our advanced protection does not allow this service. The number of probes for the service has been fairly stable for the past few months. We fully anticipate that unless the developers of the application change the default configuration, this attack vector will remain for some time.

How to fix your MemCached Servers

Here are the recommendations for fixing the MemCached servers to ensure that your systems are not being abused by malicious actors:

  • Bind MemCached to a local interface

  • Disable UDP

  • Set up firewall rules to protect your servers whenever possible
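
The first two recommendations can be checked mechanically. The following is an added example, not code from Jigsaw Security or the memcached project: a Python audit of a Debian-style `/etc/memcached.conf` for the `-l` (listen address) and `-U` (UDP port) options. It assumes "local interface" means a loopback address, and both sample configs are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample configs, one option per line (Debian-style memcached.conf).
WEAK = "-m 64\n-p 11211\n-u memcache\n-l 0.0.0.0\n"
HARDENED = "-m 64\n-p 11211\n-u memcache\n-l 127.0.0.1\n-U 0\n"

def parse_options(conf_text):
    """Extract the listen address list and UDP port from config text."""
    opts = {}
    for line in conf_text.splitlines():
        tokens = shlex.split(line, comments=True)   # drops '#' comments
        if not tokens:
            continue
        flag, _, inline = tokens[0].partition("=")  # handles --listen=ADDR
        value = inline or (tokens[1] if len(tokens) > 1 else "")
        if flag in ("-l", "--listen"):
            opts["listen"] = value
        elif flag in ("-U", "--udp-port"):
            opts["udp_port"] = value
    return opts

def is_loopback(addr):
    """True only if addr is provably loopback (assumption: local == loopback)."""
    host = addr.strip()
    if host.count(":") == 1:                        # "host:port" form
        host = host.split(":")[0]
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                                # wildcard or unknown hostname

def audit(conf_text):
    """Return findings; an empty list means both settings are in place."""
    opts = parse_options(conf_text)
    findings = []
    listen = opts.get("listen")
    if listen is None:
        findings.append("no -l option: memcached listens on all interfaces")
    elif not all(is_loopback(a) for a in listen.split(",")):
        findings.append(f"-l {listen}: not restricted to loopback")
    if opts.get("udp_port") != "0":
        findings.append("UDP not explicitly disabled: add -U 0")
    return findings

if __name__ == "__main__":
    print("weak:", audit(WEAK), "| hardened:", audit(HARDENED))
```

A server that must serve other hosts on a private address will be flagged by this check; in that case the firewall rule from the third recommendation is what restricts port 11211 to the intended clients.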

Here is a good article on how to secure your servers.


© 2017-2018 Jigsaw Security Enterprise Inc.