Posted on March 1, 2018 at 1:24 PM
Misconfigured Memcached Servers Can Be Abused for Massive DDoS Attacks
As new and more capable technologies appear, the people who build them face a choice between shipping secure settings and shipping settings that make the product easy to install and operate for the customers who buy it. Too often the shipped defaults favour convenience: a service that listens on every network interface and every protocol, with no authentication. Anyone who reads the product's documentation then knows exactly how to find and abuse instances that were deployed with those defaults, and depending on what the service holds, the result can be outages or the theft of personal data such as names, addresses or banking PINs.
One of the favourite techniques, and one attackers have largely used without consequence to themselves, is the DDoS (Distributed Denial of Service) attack: the public-facing servers of a company, game or other service are flooded with more traffic than they can handle, so that legitimate requests are slowed down or the service stops responding entirely. In the reflection variant at issue here the attacker does not even send the flood directly. Small requests carrying the victim's forged source address are sent to third-party servers exposed on the internet, and those servers, which have no way to tell that the address is forged, send their much larger replies to the victim.
This might look like a childish prank, but the ability to take a business offline puts unethical companies in an advantageous position: for a small fee a hacker can be hired to knock a poorly secured competitor's servers offline, or simply slow them down, for long enough that customers and market share drift to another company or group of companies.
What makes the memcached case alarming is the size of the amplification: a request of about 15 bytes can make an exposed server send back roughly 750 kilobytes, an amplification factor in the neighbourhood of 50,000. That is orders of magnitude beyond the DNS and NTP reflectors used in earlier attacks, and reason enough to revisit how these servers are deployed and configured.
There is a second angle of attack. Memcached was designed for trusted internal networks and does not authenticate its clients, so an instance reachable from the internet can have its contents read, overwritten or flushed by anyone who finds it, and caches frequently hold session data and other information that should never leave the application. Nearly 90,000 such servers were reachable from the internet at the time of writing, with the highest concentrations in the United States and Europe.
The protocol that makes the amplification possible is UDP (User Datagram Protocol). UDP has no handshake: a server answers whatever source address appears in the incoming packet, so a sender can write the victim's address into its requests and the replies will go to the victim. UDP is a sensible choice for a fast cache on a private network, but memcached listened on UDP port 11211 by default and answers a tiny request with whatever large value it has stored, which is exactly the combination a reflection attack needs.
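To make the numbers above concrete, here is an added example that is not part of the original post. It models memcached's UDP framing in Python: the 8-byte frame header (request id, sequence number, total datagrams, reserved field) is the one the memcached protocol documents; the 1400-byte payload chunking and the constructed 1 MB cached value are assumptions chosen to mirror a typical server, and no network traffic is sent. Framing `get a` gives exactly the 15-byte request quoted above, and the reply for a 1 MB item comes back as hundreds of datagrams.

```python
import struct

# memcached UDP frame header: four big-endian 16-bit fields,
#   request id | sequence number | total datagrams in message | reserved (must be 0)
UDP_HDR = struct.Struct("!HHHH")
# memcached splits a large UDP reply into frames of at most 1400 payload bytes.
# Assumed here to mirror the server's behaviour; the exact value is not critical.
MAX_UDP_PAYLOAD = 1400


def build_get_request(key, request_id=0):
    """Frame a text-protocol 'get <key>' as one memcached UDP datagram.
    'get a' comes out at 7 + 8 = 15 bytes, the request size quoted in the text."""
    body = ("get %s\r\n" % key).encode("ascii")
    return UDP_HDR.pack(request_id, 0, 1, 0) + body


def build_get_response(key, value, request_id=0):
    """Model the server side: the text reply to 'get', chunked into UDP frames the
    way memcached does. The reply is constructed locally, not captured from a server."""
    text = ("VALUE %s 0 %d\r\n" % (key, len(value))).encode("ascii") + value + b"\r\nEND\r\n"
    chunks = [text[i:i + MAX_UDP_PAYLOAD] for i in range(0, len(text), MAX_UDP_PAYLOAD)]
    return [UDP_HDR.pack(request_id, seq, len(chunks), 0) + chunk
            for seq, chunk in enumerate(chunks)]


def parse_frame(datagram):
    """Split one datagram into (request_id, seq, total, payload); reject short or corrupt frames."""
    if len(datagram) < UDP_HDR.size:
        raise ValueError("datagram shorter than the 8-byte frame header")
    request_id, seq, total, reserved = UDP_HDR.unpack_from(datagram)
    if reserved != 0 or total == 0 or seq >= total:
        raise ValueError("malformed frame header")
    return request_id, seq, total, datagram[UDP_HDR.size:]


def reassemble(datagrams):
    """Reassemble frames (in any order) belonging to one request id into the reply bytes."""
    frames, rid, total = {}, None, None
    for d in datagrams:
        r, seq, tot, payload = parse_frame(d)
        if rid is None:
            rid, total = r, tot
        elif (r, tot) != (rid, total):
            raise ValueError("frames from different messages mixed together")
        frames[seq] = payload
    if len(frames) != total:
        raise ValueError("incomplete message: %d of %d frames" % (len(frames), total))
    return b"".join(frames[i] for i in range(total))


def amplification_factor(request, responses):
    """Bytes the reflector emits per byte the attacker sends, counting UDP payload only,
    which is how the 50,000x figure is usually quoted."""
    return sum(len(r) for r in responses) / float(len(request))


if __name__ == "__main__":
    req = build_get_request("a")
    # constructed 1 MB cached value (memcached's default item size limit is 1 MB)
    resp = build_get_response("a", b"x" * 1000000)
    print(len(req), "request bytes ->", sum(map(len, resp)), "response bytes in", len(resp), "frames")
    print("amplification factor: %.0fx" % amplification_factor(req, resp))
```

Running it prints the request size, the total reply size with its frame count, and an amplification factor above 50,000x for the payload bytes alone. The reassembly routine also shows the other half of the problem: the frames carry their own sequence numbers and request id, so the server happily emits hundreds of them in response to a single forged datagram, and nothing in the exchange ever confirms that the requester wanted them.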
So, what is the solution? According to networking experts it is an old one. First, a firewall: memcached should not be reachable from the internet at all, so port 11211 (UDP and TCP) should be blocked at the network edge, and the daemon itself should be bound to localhost or an internal interface (the -l option) with UDP switched off (-U 0) unless it is genuinely needed; memcached 1.5.6, released in the same week as this post, turns UDP off by default. Second, the people who buy and deploy these servers need to be trained to configure them securely, which is not easy and can mean spending on training that is never used. Lastly, experts agree that networks should monitor and rate-limit UDP traffic to and from port 11211, and that internet providers should drop packets with forged source addresses at the edge of their networks (the source address validation described in BCP 38), since spoofing is what makes reflection attacks possible in the first place.
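The monitoring step can be made concrete. The following is an added example, not code from the original post or from the memcached project: it reads NetFlow-style flow records (constructed here, with IETF documentation address ranges standing in for a real network) and reports two things a defender wants from the advice above: which internal memcached hosts are exchanging UDP/11211 traffic with the outside at all (the misconfiguration itself), and which outside addresses are receiving replies that dwarf the requests attributed to them (an attack in progress, where that outside address is the spoofed victim). The 10x ratio threshold, the address ranges and the flow layout are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

MEMCACHED_PORT = 11211

# Address range that is "ours" in this example (constructed; a documentation range).
INTERNAL_NETS = [ip_network("198.51.100.0/24")]

# Constructed flow records in a NetFlow-like text layout, not real telemetry:
#   src sport dst dport proto bytes packets
SAMPLE_FLOWS = """
203.0.113.9   80    198.51.100.7  11211 udp 150      10    # ten spoofed 15-byte 'get' requests
198.51.100.7  11211 203.0.113.9   80    udp 10057460 7150  # the replies, ~1 MB each, hit the victim
192.0.2.44    53012 198.51.100.7  11211 udp 300      2     # outside probe, modest reply
198.51.100.7  11211 192.0.2.44    53012 udp 1200     2
198.51.100.20 41000 198.51.100.7  11211 udp 60       1     # internal client, expected traffic
198.51.100.7  11211 198.51.100.20 41000 udp 900      1
192.0.2.44    53013 198.51.100.7  11211 tcp 120      3     # TCP: handshake defeats spoofing
"""


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    nbytes: int
    packets: int


def parse_flows(text):
    """Parse the whitespace-separated layout above, ignoring blank lines and # comments."""
    flows = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        src, sport, dst, dport, proto, nbytes, packets = line.split()
        flows.append(Flow(src, int(sport), dst, int(dport), proto.lower(), int(nbytes), int(packets)))
    return flows


def is_internal(addr, nets=INTERNAL_NETS):
    ip = ip_address(addr)
    return any(ip in net for net in nets)


def udp_11211_with_outside(flows, nets=INTERNAL_NETS):
    """Per (internal memcached host, outside peer): [bytes in from peer, bytes out to peer]
    over UDP/11211. Any entry at all means the cache is reachable from the internet."""
    totals = defaultdict(lambda: [0, 0])
    for f in flows:
        if f.proto != "udp":
            continue
        if f.dport == MEMCACHED_PORT and is_internal(f.dst, nets) and not is_internal(f.src, nets):
            totals[(f.dst, f.src)][0] += f.nbytes
        elif f.sport == MEMCACHED_PORT and is_internal(f.src, nets) and not is_internal(f.dst, nets):
            totals[(f.src, f.dst)][1] += f.nbytes
    return totals


def exposed_memcached_hosts(flows, nets=INTERNAL_NETS):
    """Internal hosts exchanging UDP/11211 traffic with non-internal addresses."""
    return {host for host, _peer in udp_11211_with_outside(flows, nets)}


def reflection_victims(flows, nets=INTERNAL_NETS, min_ratio=10.0):
    """(reflector, peer) -> out/in byte ratio where replies dwarf requests. The 'peer'
    is the spoofed source address, i.e. the real victim of the amplified traffic."""
    result = {}
    for key, (bytes_in, bytes_out) in udp_11211_with_outside(flows, nets).items():
        ratio = bytes_out / bytes_in if bytes_in else float("inf")
        if ratio >= min_ratio:
            result[key] = ratio
    return result


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("memcached hosts reachable over UDP from outside:", sorted(exposed_memcached_hosts(flows)))
    for (reflector, victim), ratio in reflection_victims(flows).items():
        print("%s is reflecting to %s at %.0fx amplification" % (reflector, victim, ratio))
```

A real deployment would feed the functions from a flow collector rather than a string; the logic is the same. Two points worth noting when acting on the output: the address receiving the amplified replies is the party to notify or help, not the attacker, and the TCP flow in the sample is deliberately ignored because a TCP handshake cannot complete with a forged source address, so only the UDP side of memcached is a reflection risk.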