3:55pm, 28 Feb 2018

TLP Rating: White

Memcached reflection denial-of-service

CERT NZ has been informed of an active attack that is using memcached servers to perform a reflected denial-of-service (DoS) attack.

This allows attackers to send queries to the memcached servers on port UDP/11211 or TCP/11211 and spoof the source IP and port (the target). The response would be amplified and reflected back to the target as a DoS attack.

CERT NZ is aware that this attack is active. Because of this, we strongly recommend you investigate your servers as soon as possible to prevent them from being used in an attack.