News broke yesterday that a mitigation mechanism is available to victims of DDoS attacks carried out via exposed Memcached servers. The technique relies on the attacked victim sending a “flush_all” command back to the attacking servers: flush_all invalidates every item in a server's cache, so the large value an attacker staged there is no longer available to be reflected and amplified toward the victim. The measure was proposed last week by Dormando, one of the Memcached server developers.
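To make the mechanism concrete, here is an added example (written for this article; it is not Dormando's proposal or any Memcached project code) that builds the flush_all datagram in the memcached UDP frame format (an 8-byte header of request ID, sequence number, total datagrams and a reserved zero field, followed by the ASCII command) and checks a server's “OK” reply. The sample reply is constructed, not captured traffic, and the request ID 0x1234 is an arbitrary choice. The send function is the intrusive step the quote below warns about; only run it against servers you own or are authorized to flush.

```python
import socket
import struct

MEMCACHED_UDP_PORT = 11211

# memcached UDP frame header: request ID, sequence number, total datagrams,
# reserved (must be zero); all four are 16-bit big-endian.
HEADER_FMT = "!HHHH"
HEADER_LEN = struct.calcsize(HEADER_FMT)


def build_udp_frame(command: str, request_id: int = 0) -> bytes:
    """Wrap one ASCII command in a single-datagram memcached UDP frame."""
    if not 0 <= request_id <= 0xFFFF:
        raise ValueError("request_id must fit in 16 bits")
    if not command.endswith("\r\n"):
        command += "\r\n"
    header = struct.pack(HEADER_FMT, request_id, 0, 1, 0)
    return header + command.encode("ascii")


def build_flush_all(request_id: int = 0x1234) -> bytes:
    """The mitigation datagram: flush_all wrapped in the UDP frame header."""
    return build_udp_frame("flush_all", request_id)


def parse_udp_frame(datagram: bytes) -> dict:
    """Split a memcached UDP datagram into header fields and payload."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("datagram shorter than the 8-byte frame header")
    request_id, seq, total, reserved = struct.unpack(HEADER_FMT, datagram[:HEADER_LEN])
    if reserved != 0:
        raise ValueError("reserved header field is non-zero; not a memcached frame")
    if total == 0 or seq >= total:
        raise ValueError("inconsistent sequence/total fields")
    return {"request_id": request_id, "seq": seq, "total": total,
            "payload": datagram[HEADER_LEN:]}


def is_flush_ok(response: bytes, expected_request_id: int) -> bool:
    """True if the datagram is memcached's 'OK' reply to our flush_all."""
    try:
        frame = parse_udp_frame(response)
    except ValueError:
        return False
    return frame["request_id"] == expected_request_id and frame["payload"] == b"OK\r\n"


# Constructed sample reply (not captured traffic): what a server answers to
# the request built by build_flush_all(0x1234).
SAMPLE_OK_REPLY = struct.pack(HEADER_FMT, 0x1234, 0, 1, 0) + b"OK\r\n"


def send_flush_all(host: str, port: int = MEMCACHED_UDP_PORT, timeout: float = 2.0) -> bool:
    """Send flush_all to one server and report whether it acknowledged.

    Flushing a cache you do not own is an intrusive act; use this only against
    servers you own or are explicitly authorized to flush.
    """
    request_id = 0x1234
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_flush_all(request_id), (host, port))
        try:
            reply, _ = sock.recvfrom(1400)
        except socket.timeout:
            return False
    return is_flush_ok(reply, request_id)


if __name__ == "__main__":
    print(build_flush_all().hex())
    print(is_flush_ok(SAMPLE_OK_REPLY, 0x1234))
```

The request ID is the only correlation the UDP protocol offers, so the reply check matches it as well as the “OK” payload; a reply with a non-zero reserved field or a mismatched ID is rejected rather than treated as an acknowledgement.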
Johnathan Azaria, Security Research Specialist at Imperva Incapsula:
“While this technique might be a suitable solution in a simplified environment, we would advise keeping the following in mind:
1) The Memcached servers used for the attacks are a victim as well. Sending a shutdown command or constantly flushing a server you do not own is considered to be an intrusive act and should not be implemented without considering all possible implications.
2) Even when implemented perfectly, this technique might not protect against the first attack wave, especially when multiple Memcached servers are used. Furthermore, companies without a suitable DDoS mitigation system are still exposed to numerous other popular DDoS amplification attack vectors such as NTP and DNS.”