Not even a week has passed since the code sharing platform GitHub suffered the world’s biggest DDoS attack recorded at 1.35Tbps. Just four days later, the world record of the biggest DDoS has been broken in an attempt to take down the systems of an unknown entity identified as a “US-based service provider”.
The 1.7Tbps attack could be called the worst of its kind, but the firm’s system survived without any outages as they had already taken precautionary measures.
According to Arbor Networks, which helped in the detection and mitigation, the distributed denial of service was also performed using “Memcached servers”, many of which are publicly exposed on the internet.
As already known, these servers can be utilized to amplify attack intensity and carry out massive DDoS attacks ranging in terabits per second. It is estimated that there are more than 90,000 misconfigured memcached servers available for abuse.
The attack can be carried out by spoofing the target’s IP address and sending a small crafted UDP request to a Memcached server on port 11211. The server would return around 51,000 times more UDP packets to the victim’s real machine, thus amplifying the attack.
The Memcached DDoS attack vector isn’t something new; it has been known since November 2017. But in recent times, more DDoS attacks abusing Memcached servers are being witnessed, and they are getting bigger as well.
Safety measures against such attacks include running the Memcached servers behind a firewall and blocking UDP traffic on port 11211. Meanwhile, predictions are being made that attack sizes could go up even further and might cross the 2Tbps mark.
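The daemon-side half of that mitigation can be checked from the server's own start-up options. The following is an added example, not code from the article or from the Memcached project: it audits Debian-style `memcached.conf` text using memcached's `-U`/`--udp-port` and `-l`/`--listen` options, and it assumes that a config with no `-U` line has UDP enabled on port 11211. The sample configs are constructed.

```python
import ipaddress
import shlex

MEMCACHED_PORT = 11211  # port named in the article

def parse_options(conf_text):
    """Return (udp_port, listen_addrs) from memcached option lines."""
    # Assumption: UDP is on port 11211 unless the config says otherwise.
    udp_port, listen = MEMCACHED_PORT, []  # empty listen = all interfaces
    for raw in conf_text.splitlines():
        tokens = shlex.split(raw, comments=True)  # drops '#' comments
        for i, tok in enumerate(tokens):
            key, _, val = tok.partition("=")      # handles --opt=value
            if not val and i + 1 < len(tokens):
                val = tokens[i + 1]               # handles -o value
            if key in ("-U", "--udp-port") and val.isdigit():
                udp_port = int(val)
            elif key in ("-l", "--listen") and val:
                listen = [a.strip() for a in val.split(",")]
    return udp_port, listen

def is_loopback(addr):
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # hostname or host:port form: treat as reachable

def audit(conf_text):
    """Classify a config as safe or exposed to UDP reflection abuse."""
    udp_port, listen = parse_options(conf_text)
    if udp_port == 0:
        return "ok: UDP listener disabled"
    if listen and all(is_loopback(a) for a in listen):
        return f"ok: UDP {udp_port} bound to loopback only"
    return f"EXPOSED: UDP {udp_port} reachable; set -U 0 or firewall the port"

# Constructed sample configs (not taken from any real host).
WEAK = "-m 64\n-p 11211\n-u memcache\n-l 0.0.0.0\n"
HARDENED = "-m 64\n-p 11211\n-u memcache\n-l 127.0.0.1\n-U 0  # no UDP\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "->", audit(conf))
```

The script sees only the daemon's options, so a host it reports as exposed may still be covered by a firewall rule blocking UDP 11211; confirm that separately.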