Success Stories

Genie Helps Customers Protect Against Memcached DDoS


In the past few days, a new attack method, Memcrashed, has caused denial of service at websites. Hackers have been exploiting the vulnerability of the Memcached protocol as a tool for volumetric, reflective amplification attacks.



Memcached is an open-source, high-performance, distributed memory object-caching system intended to speed up dynamic web applications by alleviating database load. Memcached is powerful and easy to deploy, yet it has no native authentication and is hence easy to abuse. While Memcached servers were never meant to be available over the public Internet, they often are.


Since last week, hackers have been finding legitimate Memcached servers on the Internet and using them to launch UDP-based reflection attacks. The attack set a new record for the biggest DDoS ever detected. This is due to the massive amplification factor of Memcached, where a 203-byte request can result in a 100 MB response of reflected traffic. While other common reflected DDoS attack methods, such as DNS, NTP, Chargen, or SSDP amplification, have amplification ratios on the order of one to hundreds, Memcached DDoS allows a maximum amplification ratio of one to hundreds of thousands. This ratio makes it the worst amplification attack ever.


Source IP spoofing also worsens the threat. The attackers send large numbers of Memcached get requests, over UDP port 11211, with spoofed source IP addresses to the target servers. Once a target server receives a Memcached get request, it sends its response over the Internet as a stream of multiple, much larger UDP packets to the spoofed IP address. Source spoofing hence not only masks the attacker's location but also stages a reflected assault.


Memcached DDoS can easily exceed the bandwidth limits of the target servers as well as of the reflected attack victims. When DDoS attacks reach this level of sheer volume, it is necessary to look to the Internet service providers for an in-cloud DDoS detection and mitigation service.


Last week, at many of our service provider customers' sites, GenieATM helped monitor and analyse this Memcached DDoS attack. It has been monitoring each service provider's whole network infrastructure for traffic on UDP port 11211. GenieATM alerted when the Memcached traffic rate deviated anomalously from its normal traffic baseline. In addition to monitoring and alerting, GenieATM provides rich traffic attribute reports on the attack, giving users insight into the target servers and the reflective attack victims. This helps service providers notify the operators of vulnerable servers so they can reinforce their security measures, and mitigate the volumetric reflective attack traffic to avoid bandwidth abuse. To date, many of our telecom customers have reported that GenieATM plays an important role in helping them monitor and respond to the Memcached DDoS attack.
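The port-11211 baseline check described above, as an added example that is not GenieATM's own code or algorithm. It assumes flow records reduced to simple tuples, a mean plus three standard deviations threshold, and constructed sample traffic using documentation IP ranges; "reflectors" here are what the article calls the target servers.

```python
from collections import Counter
from statistics import mean, pstdev

MEMCACHED_PORT = 11211

# Constructed flow records (documentation IP ranges), not real traffic:
# (minute, src_ip, src_port, dst_ip, dst_port, proto, bytes)
FLOWS = [
    (0, "192.0.2.10", 11211, "192.0.2.20", 40000, "udp", 1200),
    (1, "192.0.2.10", 11211, "192.0.2.20", 40001, "udp", 900),
    (2, "192.0.2.10", 11211, "192.0.2.20", 40002, "udp", 1500),
    (3, "192.0.2.10", 11211, "192.0.2.20", 40003, "udp", 1100),
    (4, "192.0.2.10", 11211, "192.0.2.20", 40004, "udp", 1300),
    (5, "198.51.100.7", 11211, "203.0.113.50", 80, "udp", 40_000_000),
    (5, "198.51.100.9", 11211, "203.0.113.50", 80, "udp", 25_000_000),
    (5, "192.0.2.10", 11211, "192.0.2.20", 40005, "udp", 1000),
    (5, "192.0.2.53", 53, "192.0.2.20", 53000, "udp", 9_000_000),     # DNS, ignored
    (5, "192.0.2.10", 11211, "192.0.2.20", 40006, "tcp", 5_000_000),  # TCP, ignored
]

def memcached_responses(flows):
    """Keep only UDP flows sourced from port 11211, i.e. Memcached replies."""
    return [f for f in flows if f[5] == "udp" and f[2] == MEMCACHED_PORT]

def detect(flows, baseline_minutes, k=3.0):
    """Alert on minutes whose reply volume exceeds mean + k*stddev of the baseline."""
    replies = memcached_responses(flows)
    per_minute = Counter()
    for minute, *_rest, nbytes in replies:
        per_minute[minute] += nbytes
    base = [per_minute.get(m, 0) for m in baseline_minutes]
    threshold = mean(base) + k * pstdev(base)
    alerts = {}
    for minute in sorted(set(per_minute) - set(baseline_minutes)):
        if per_minute[minute] <= threshold:
            continue
        reflectors, victims = Counter(), Counter()
        for m, src, _sp, dst, _dp, _proto, nbytes in replies:
            if m == minute:
                reflectors[src] += nbytes  # Memcached servers being abused
                victims[dst] += nbytes     # spoofed addresses receiving the flood
        alerts[minute] = {"bytes": per_minute[minute], "threshold": threshold,
                          "reflectors": reflectors.most_common(),
                          "victims": victims.most_common()}
    return alerts

if __name__ == "__main__":
    for minute, alert in detect(FLOWS, baseline_minutes=range(5)).items():
        print(minute, alert)
```

Ranking reflectors and victims by bytes gives the two lists an operator needs: which server owners to notify and which destinations to protect.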



