virus logo Intrusion Prevention

Memcached.UDP.Amplification.Detection

description-logoDescription

This indicates an attack attempt against an UDP Amplification flaw on the Memcached protocol.
The vulnerability is due to an error in the vulnerable application when handling a series of maliciously crafted requests. An attacker can exploit this to cause a denial of service condition on the affected machine via maliciously crafted requests. The signature detects for 50 suspicious requests within 1 second.
Setting this signature to "Quarantine" is not definitive to who the attacker is as the both the client and the server are victims for this issue.

affected-products-logoAffected Products

Memcached prior to 1.5.6

Impact logoImpact

Denial of Service: Remote attackers can crash vulnerable systems

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor:
https://github.com/memcached/memcached/wiki/ReleaseNotes156

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-06-06 14.627 Severity:low:high

References

http://powerofcommunity.net/poc2017/shengbao.pdf https://github.com/memcached/memcached/blob/master/doc/protocol.txt https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/
ID 45650
Created Mar 08, 2018
Updated Feb 12, 2020
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2018-1000115
Exploit Prediction Score 96.97%
Default Action drop
Active
Affected OS All
Affected App Other