Memcached DDoS Exploits: Operations, Vulnerabilities, Preventions and Mitigations

This paper focuses on securing Memcached against DDoS attacks during all stages of the attack life cycle. On the one hand, it identifies Memcached architecture flaws (which have long been ignored by the developers of Memcached); on the other hand, it covers prevention and mitigation of DDoS attacks through several techniques, depending on the type of vulnerability being exploited by the attacker. In this paper we explain Memcached's operations and architecture to identify and show the possible flaws in both of them. We also reference the largest DDoS attacks ever recorded in the history of computer networks, and as a follow-up to recent attacks on Memcached, this paper presents a fresh and strong list of simple commands and configuration security steps that are capable of avoiding or mitigating Memcached DDoS attacks.
