The Neustar take on the Memcached DDoS Attack
This week, the cyber security industry bore witness to a relatively new form of distributed denial of service (DDoS) amplification attack that can achieve unprecedented size and inflict extensive damage to online businesses.
The Memcached DDoS attack uses exposed database caching server (whose purpose is to accelerate content and network traffic) to create tremendous traffic loads and target Layer 3 infrastructure elements. With simple spoofing and no authentication needed, attackers can generate traffic responses 10,000 to 51,000 greater than the size of the request.
Earlier this week, a Memcached attack reached a peak of 1.35 Tbps – the largest attack ever mustered. These attacks are dangerous because they are capable of quickly escalating, and can leverage more than 100,000 servers to cause thousands of factors in amplified traffic with no warning.
For the past year, Neustar has invested in network expansion and capabilities to meet new threats such as Memcached. With 10 Tbps of capacity and 14 strategic nodes in place, Neustar is well-positioned to neutralize the Memcached threat. Neustar has proactively created the proper countermeasures in our scrubbing centers and upstream peers and carriers. We believe this will give us the mitigation ability to mitigate 18 simultaneous Memcached reflection attacks.
At Neustar, we continue to invest, deploy, and work to ensure that our customers are not affected by denial of service attacks. Our ongoing delivery of more than two dozen high-capacity nodes in more than two dozen strategic locations connected by only top-tier carrier circuits is backed by more than a decade of experience putting down the most dangerous and complex DDoS attacks.
We will continue to monitor the DDoS landscape and keep our customers apprised and protected from future threats.