3:55PM, 28 Feb 2018
TLP Rating: White
Memcached reflection denial-of-service
CERT NZ has been informed of an active attack that is using memcached servers to perform a reflected Denial of Service (DoS) attack.
This allows attackers to send queries to the memcached servers on port UDP/11211 or TCP/11211 and spoof the source IP and port (the target). The response would be amplified and reflected back to the target as a DoS attack.
CERT NZ is aware that this attack is active. Because of this, we strongly recommend you investigate your servers as soon as possible to prevent them from being used in an attack.