How was Memcached Used For Largest DDos Attack Ever Recorded

GitHub became the victim of the largest DDos attack with 1.3 terabits per second of traffic hitting the platform all at once-interesting thing of this attack was that it required no botnet as typical DDos attack require botnets.

Real time traffic from the DDos attack

So instead of botnets attack was caused through Memcached Servers .

Now we will see what is Memcached and how was it used to create such high volumes of traffic.

What is Memcached?

Wikipedia describes Memcached as a general-purpose distributed memory caching system, but what exactly does the term Memcached mean? Cache is memory used to store the most frequently used resources (e.g. browsers store every website visited during a session in cache), because accessing resources from a cache is faster than accessing them from a disk drive. So Memcached means “memorycached” which simply is caching resources in the memory. These resources can be data retrieved from  database operations or  HTML pages. The data is stored in key/value pairs in the form of large hash tables.

As distributed system is part of the Memcached definition, you can install Memcached on various servers to make a larger caching server. In this way, Memcached helps reduce database loads to a minimum, resulting in faster and more responsive Web applications.

Memcached is best implemented for queries that are triggered multiple times in a second and demand huge data as output. Access to Memcached data is faster than the access time to disk drives because the Memcached data is stored in temporary memory.

How was it used to create traffic?

As Memcached DDoS attacks don’t require a malware-driven botnet. Attackers simply spoof the IP address of their victim and send small queries to multiple memcached servers—that are designed to elicit a much larger response. The memcached systems then returns large output data of the requests back to the victim.

It is difficult to determine the exact amplification factor of memcached, but the attacks Akamai saw generated nearly 1 Gbps per reflector.

Spoof of IP address is possible because memcached uses UDP  transfer protocol(which is unreliable and doesn’t require connection)

How Amplification Works

Whats the Solution?

For attackers the beauty of memcached DDoS attacks is there’s no malware to distribute, and no botnet to maintain.

  • Primary solution to memcached attacks is to not have the reflectors exposed to the internet. However, relying on remote systems administrators to remove their servers from the internet is not a solution likely to see immediate results.
  • Set up a firewall to ensure your memcached service is only accessible from the trusted hosts that require access to the service. Block all access to the service from the public Internet.

The developers behind memcached say that the latest version, Memcached 1.5.6, “disables the UDP protocol by default.”


Caesium : Open source tool for loss-less image compression

Caesium - open source lossless image compression tool

If you are a blogger or running a website then you must be knowing the importance of reducing the page load time. In turn to achieve this the first thing we look at is reducing the image size. But as we try to re-size or convert this images the visual quality of the image is also compromised. There are very few free tools available which we can use to reduce the size of image without much affecting the visual quality of it.

Caesium is one such open source software which uses loss-less image compression technology to reduce the image size. Even the users who are looking to save some precious hard disk space can be benefited by using this tool. You can see some of its samples over here.

Caesium - open source loss-less image compression tool

This tool is really easy to use. One can select individual pictures or batch upload them and compress them altogether. Processing time is negligible compared to other image processing tools. This is an open source application so you can download and use it for free. You can select to download the Windows installer and install it on your system just like any other application or you can use the portable version to carry it with you wherever you go. Choice is yours 😉

Download Caesium Windows installer (7.91 MB)

Download Caesium Portable (Windows only) (10 MB)



Chrome styled tabbed file explorer for Windows

Windows 8 has gone through many changes, but the concept of file browser remained very much same.  No doubt, the new improved ribbon interface looks good but not everyone would satisfy with a cool looking explorer.  Usability and efficiency is also important.

Whenever we open a drive or a folder in Windows explorer, it opens in a new window and at some point in time it becomes difficult to manage all open windows and switch between them unless you keep closing previous windows.

Clover - Chrome style file explorerClover is a small application which works as an extension to Windows explorer.  It allows you to open multiple folders in tabs just like you open different sites in different tabs in Google Chrome.

Apart from this,  Clover also lets you add files and folders to bookmark toolbar for quick access just like your web browser or you can use scroll click on your mouse to open the folder in new tab. It supports keyboard shortcuts like ctrl+t,  ctrl+d and many more. You can even use different themes with it.  So basically it brings the experience of Chrome to your file explorer.

Clover is a freeware and you can use it on Windows XP,  Windows 7 and Windows 8 operating systems.  If you like the concept of tabbed browsing then this one is for you. You can download it from the link below. Just download the file and double click on it to get started 😉

Download Clover (Windows Explorer with tabs) (3 MB)