It just got much easier to wage record-breaking DDoSes

Enlarge (credit: Gabriel Andri(C)s Trujillo Escobedo Follow)

It just got much easier to wage distributed denial-of-service attacks of once-unthinkable sizes, thanks to the public release of two ready-to-run exploits that abuse poorly secured memcached servers to flood targets with record amounts of junk traffic.

As Ars reported last week, DDoSers last month started bouncing specially developed traffic off of so-called memcached servers, which then respond by bombarding a targeted third party with a malicious flood that's thousands of times the size of the original payload. Attackers have long used such amplification techniques to magnify or augment the damage coming from the computers they control. What's special about memcached-based attacks is the size of the amplification-as much as 51,000 times, compared with about 50 to 60 fold for techniques seen previously. The attacks work by sending requests to servers that leave open port 11211 and adding spoofed packet headers that cause the responses to be sent to the target.

Within days of the new technique going public, security firms reported it being used in a record-setting 1.3 terabit-per-second DDoS against Github and then, two days later, a record-topping 1.7 Tbps attack against an unnamed US-based service provider.

Read 6 remaining paragraphs | Comments