Memcache Amplification Attacks


Recent denial of service attacks have used Memcache ( as a reflector for amplification of traffic gaining 10,000x and greater packet size amplification. The attacker sends requests to accessible Memcached servers on UDP port 11211 with a spoofed IP address (the target victim). The response packet size is much greater and using many reflectors can generate a denial of service attack against a victim website.


Fixing Memcached Servers

RedShield denies traffic from source port 11211 (TCP and UDP) so systems behind RedShield are safe from attack. 

To prevent any Memcached servers from being abused as reflectors block UDP on port 11211 at your firewall.

By default Memcached listens on all interfaces and runs with UDP support enabled by default. Administrators are advised to disable UDP support if they are not using it and only support connections on TCP.

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request