This mitigation technique relies on the attacked victim sending a "flush_all" command back to the attacking servers

News broke that a mitigation mechanism is available for all victims who are under a DDoS attack carried out via Memcached servers. This mitigation technique relies on the attacked victim sending a "flush_all" command back to the attacking servers. The measure was proposed last week by Dormando, one of the Memcached server developers.

Johnathan Azaria, security research specialist at Imperva Incapsula, said: “While this technique might be a suitable solution in a simplified environment, we would advise to keep the following in mind:

* The Memcached servers used for the attacks are a victim as well. Sending a shutdown command or constantly flushing a server you do not own is considered to be an intrusive act and should not be implemented without considering all possible implications.

* Even when implemented perfectly, this technique might not protect against the first attack wave, especially when multiple Memcached servers are used. Furthermore, companies without a suitable DDoS mitigation system are still exposed to numerous other popular DDoS amplification attack vectors such as NTP and DNS.”