Threat Intelligence Report

EclecticIQ Fusion Center Report: DDoS Attack Stemming from Memcached Servers Hits GitHub (English)

Earlier this week Cloudflare and various security researchers were reporting on an obscure amplification attack vector using the memcached protocol, coming from UDP port 11211. On Wednesday. GitHub experienced a DDoS attack stemming from memcached servers.

Report from EclecticIQ Fusion Center from Friday 2 March 2018.

Key Findings:

Memcached DDoS attacks don't require a malware-driven botnet.
The attack (in Tbps) appears to be the largest seen, which surpassed the 2016 Dyn DNS DDoS.
Attackers spoof the IP address of their victim(s) and send small queries to multiple memcached servers that are designed to elicit a larger response.
According to Shodan, there are over 119,491 devices with port 11211 exposed to the internet.

About EclecticIQ

EclecticIQ develops analyst-centric products that align our clients’ cybersecurity focus with their threat reality. The result is intelligence-led security, improved detection, prevention, and response.

EclecticIQ Fusion Center

EclecticIQ Fusion Center delivers thematic intelligence bundles providing a single curated source of relevant CTI from leading suppliers all in a single contract.

Download Report

About EclecticIQ

EclecticIQ Fusion Center

EclecticIQ Fusion Center delivers thematic intelligence bundles providing a single curated source of relevant CTI from leading suppliers all in a single contract.