Memcrashed Vulnerability

Added on  2023/04/07

AI Summary
This report provides an overview of the Memcrashed vulnerability, including potential threats to computer systems and networks, how the vulnerability works, and its usage. It also evaluates countermeasures and security policies and techniques. The report analyzes the likely future importance and effectiveness of the Memcrashed vulnerability.

Running head: MEMCRASHED VULNERABILITY
Memcrashed Vulnerability
Name of the Student
Name of the University
Author Note

Executive Summary
The cyber world is credited with making people's lives easier with every passing day. The
technical advancements it has made so far have been phenomenal, and this is evident in the
way people lead their daily lives or even run an entire organization. Nevertheless, as the
level of advancement has increased, there have also been reports about the vulnerabilities of
the technology. Computer networks are surrounded by unauthorized and malicious hackers who
are constantly searching for weaknesses and vulnerabilities in a system or network to break
into for their personal ends. In February 2018, hackers and attackers got hold of the
memcached server vulnerability in GitHub, after which the attacker fished out a huge amount
of data, in what came to be regarded as the Memcrashed vulnerability. This report covers the
security threats that computer systems and networks face most often, the reasons behind the
memcached vulnerability, the countermeasures, an evaluation of the security policies and
techniques, the details of the memcached vulnerability and how it is used, examples of the
principles of key-value databases, a description of the Memcrashed exploit, a description of
the solutions to the vulnerability, and an analysis of the likely future importance and
effectiveness of the Memcrashed vulnerability.
Table of Contents
Introduction
Potential threats to computer systems and networks
The Memcached vulnerability, how it works and how it is used
Evaluation of the Countermeasures
Evaluation of security policies and techniques
Principles of key-value databases
Analysis of the likely future importance and effectiveness of Memcrashed
Conclusion
References
Introduction
The latest era of the cyber world has made people's lives extremely easy with all the
advancements it has made over time. However, it has also faced tremendous problems, as this
advancement has the disadvantage of bringing cyber vulnerabilities with it. The problem is
that the more advanced technologies become in providing users with ease of use and advanced
features, the more malicious, unauthorized hackers develop systems that can break in through
every vulnerability they find. The tools and techniques of hackers are becoming more advanced
with time, and numerous vulnerabilities are causing security problems for users. One of
these security vulnerabilities is the Memcrashed vulnerability, which was detected in
November 2017 (Gijtenbeek and Dijkhuizen 2018). The following report is therefore based on
the Memcrashed vulnerability. It first describes the general potential threats to networks,
followed by the evaluation of the countermeasures, the evaluation of the security policies
and techniques, the details of the memcached vulnerability and how it is used, examples of
the principles of key-value databases, the description of the Memcrashed exploit, the
description of the solutions to the vulnerability, and the analysis of the likely future
importance and effectiveness of the Memcrashed vulnerability.
Potential threats to computer systems and networks
Security risk and vulnerability are two different kinds of security issue, although they are
mistaken for the same thing most of the time. A security risk can be considered one of the
significant impacts of a security exploit or a security vulnerability. Having said this, the
potential threats to computer systems and networks are reported to cash in on the
vulnerabilities of a system to create security risks (Singhal and Ou 2017). A computer
security threat thus leads to potential harm to the hardware of the system and its
infrastructure. The results of security threats can be harmful to the computer systems or to
an infrastructure as a whole. A security threat can also threaten the computer system
physically. For example, the theft of a computer can also be considered a security threat.
Non-physical security threats include the likes of virus attacks. The following is a
detailed discussion of the security threats to computer systems, including the physical
threats and the non-physical threats.
Physical Threats: Physical threats are those that cause an incident which might result in
the loss of computer systems or in physical damage to them (Mousavi and Hilaire 2015). The
physical threats to a computer system can be classified as follows:
Internal threat: These threats include potential harm to the computer system caused by an unstable power supply, fire, humidity in the room due to extensive use of the hardware, and others.
External threat: These include the threats caused by lightning, earthquakes, floods and others.
Human threats: These include harm to computer systems due to theft, vandalism, and disruption of the hardware due to accidents or internal errors.
Non-Physical threats: A non-physical threat can be classified as a cause that can
potentially lead to loss or corruption of system data, loss of sensitive information,
disruption of business operations that depend on computer systems, illegal monitoring of the
activities on computer systems, and information or data breaches, amongst others (Myint et
al. 2019). These can also be regarded as logical threats, and a few common types of
identified non-physical threats are listed below:
Virus
Worms
Trojans
Spyware
Keylogger
Denial of Service attack
Adware
Distributed Denial of Service attacks
Unauthorised access
Phishing
The Memcached vulnerability, how it works and how it is used
The Memcached vulnerability attack was reportedly identified as a DDoS (Distributed Denial
of Service) attack on GitHub on 26 February 2018, made possible by the vulnerabilities found
in memcached. It was confirmed by Ashley Stephenson, the CEO of Corero Network Security, an
organization primarily focused on securing networks from DDoS attacks (Winarno and Ishida
2016). Typically, DDoS attacks involve bad actors using a varied range of techniques, such
as botnets and memcached. Memcached is a distributed, open-source memory object caching
system that is hosted on servers to help programs run faster than usual. Memcached is an
in-memory key-value store for comparatively small amounts of data obtained from the results
of database calls, page renderings and API calls (Burke, Herbert and Mooi 2018).
Figure 1: The DDoS Memcrashed attack on GitHub
(Source: Kotey, Tchao and Gadze 2019)
Memcached is mostly used to serve users by helping webpages load much faster for them. Put
simply, memcached is an open-source system that stores data in the memory of the computer
and speeds up access times. The Memcrashed vulnerability, on the other hand, is the way in
which the memcached program is exploited for its ability to work as a high-performance,
open-source, distributed object caching system. Reportedly, memcached is used by social
network sites such as Facebook and LiveJournal, the initiator of this in-memory key-value
store for arbitrary data held in small chunks (Kotey, Tchao and Gadze 2019). The program
specializes in enabling other programs to handle their massive data for I/O.
When the Memcrashed exploit takes advantage of memcached, it follows several steps. The
server first receives a memcached get request, for which it collects the requested data from
memory in order to answer it. The answer is then sent over the internet as an uninterrupted
stream of multiple UDP packets. Each of these UDP packets can be as long as 1400 bytes
(Harrou et al. 2018). The attacker, in this case, can add records to the open memcached
server. Since memcached has a storage capacity of about 1 MB for each stored value, the
attacker can even choose to insert larger data values, as this can be configured by any user
(Deka, Bhattacharyya and Kalita 2017). The whole process does not even require any kind of
authentication. This aggravates the problem further, as the attacker can insert ever larger
data into the memcached server and use it for future attacks as well. The attacker can even
ask for multiple or duplicate keys, for the unauthorised configuration, with just a single
request.
Figure 2: Working Principle of Memcrashed Attack
(Source: Borkar et al. 2016)
The above explanation thus sets out the working principle of the Memcrashed vulnerability.
The weaknesses detailed above show why it is easy to take advantage of memcached, turn it
into a potential threat and even use it to attack a system (Pathan, 2016).
Evaluation of the Countermeasures
Since the Memcrashed vulnerability has proved irresistible to attackers, it can easily be
predicted that it has the potential to bring down an entire organization along the same
lines as the attacks it brought down on GitHub. It was found that the attacks on GitHub were
mounted at such a level that a tool initially intended to help server users load webpages
faster was turned around and used as a security threat to attack the users instead. At its
peak, reports found that it aimed almost 1.35 terabytes of data from the GitHub servers each
second (Zhang, Zhang and Lee 2016). This is why the cyber security industry decided on
high-alert countermeasures to prepare itself for the latest peak in DDoS attacks. Surveys
have reported that 92 per cent of organizations are currently focusing on the
countermeasures to be taken against these vulnerabilities for DDoS attacks concerning
memcached servers (Wang et al. 2015). Although organizations have so far not heard of a
resurgence of the vulnerability attacks, they are still following several countermeasures,
and evolving them, to be prepared against the memcached vulnerability and the DDoS attack
that follows from it. The following are the ways in which organizations have been preparing
their countermeasures against the security vulnerability and the resulting attack.
Figure 3: Massive amplification of the DDoS attacks
(Source: Zhang and Green 2015)
The understanding of what needs protecting: It is essential that a business first
understands the need to protect the most vulnerable areas of its systems, those most likely
to fall victim to an attack, to avoid being the next victim of the flood of attacks due to
the Memcrashed vulnerability (González et al. 2018). It has been identified that the
Memcrashed vulnerability mostly occurs through vulnerabilities found in internet servers. It
is therefore necessary that organizations or service providers regularly verify their
systems and keep running patch tests and penetration testing. The countermeasure would be
much more effective if an additional vulnerability assessment were carried out alongside the
other countermeasures to find the most vulnerable areas within the servers. This is
essential on a broader scale, and it is suggested that every business organization should
have a planned and dedicated DDoS mitigation plan for fighting the inevitable occurrence of
attacks over the internet (Singh and Singh 2018). Beyond that, strict and consistent
checking for vulnerabilities also complies with the necessary standards of the organization.
Clear definition of the processes: After the assessment of the weaknesses of the internet
servers across the organization, the necessary steps should be taken to make sure that an
escalation path is properly implemented and that it sets out how the problem can reach a
feasible solution. It is essential that the viability of the entire assessment is mapped out
at a measurable level. This is required so that the system has an appropriate route for
remedying the issue. In this way, the system would have enough resiliency and efficiency to
carry out operations in the most feasible and seamless way possible (Borkar et al. 2016).
This is because, even in best-case scenarios, it has been found that the most advanced
technology is only as good as the process modelled around it to meet the requirements of the
organization using it. Experts have suggested installing mitigation downstream to defend the
point of attack and, at the same time, installing another upstream, to provide protection as
close as possible to the attacker and ensure that the servers are protected before the
attacker reaches them. This would provide a better chance of fighting off the threats before
they can even reach the servers. In addition, for worst-case scenarios in which the system
crashes entirely, there would always be a backup to help cope with the crash, so that the
organization is not in a position to experience data or information loss (Zhang and Green
2015).
Having information about what is normal: This countermeasure gives the organization or
service provider an idea of its assets and of the interactions that are to be expected
between them in context. In this way, the organization is able to isolate the events that
are not normal, which makes them easier to investigate (Hyder and Lung 2018). This can be
done effectively through website monitoring tools. These give organizations an overall
understanding of online performance and help to determine the difference between an internal
glitch and a risky external attack. Thus, instead of panicking that every glitch is an
external attack, the organization would be better prepared for the situation when an actual
attack occurs.
Evaluation of security policies and techniques
Since the Memcrashed attacks on GitHub, there has been an ongoing discussion about providing
particular security measures, underlining how organizations should be prepared in operating
their memcached servers (Cugnasco et al. 2016). The discussion brings out that organizations
should be prepared to provide security by implementing very basic security practices.
Some people were insistent on using UDP with the memcached server. However, there was
scepticism about this, and so UDP functionality has been found to be disabled where it was
not being used. It was eliminated as an option since this particular protocol was found to
have been disabled at the ISP (Internet Service Provider) layer (O’Hare 2018). This is
because memcached over UDP has been found to be extremely dangerous to run on the open
internet.
This is why extreme measures are taken in the provision of services, and operators are
advised to follow several security measures. These security measures can be listed as
follows:
It is to be ensured that none of the memcached servers in use is exposed to the internet.
UDP port 11211 should always be blocked on all firewall systems facing the internet (Casola et al. 2018).
Memcached servers should have UDP disabled.
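The first and third measures can be checked directly against a server's start-up options. The following is an added example, not part of the original report: it audits memcached options (-U/--udp-port, -l/--listen) from an option file or command line. The sample configurations are constructed, and the udp_on_by_default parameter is an assumption about the installed build.

```python
import ipaddress
import shlex

# Constructed samples, one option per line as in a Debian-style memcached.conf.
SAMPLE_EXPOSED = """\
# constructed sample: UDP on, bound to every interface
-m 64
-p 11211
-U 11211
-l 0.0.0.0
"""
SAMPLE_HARDENED = """\
# constructed sample: UDP off, loopback only
-m 64
-p 11211
-U 0
-l 127.0.0.1
"""

LONG_FORMS = {"--udp-port": "-U", "--listen": "-l", "--port": "-p"}


def parse_options(text):
    """Return {flag: value} from an option file or a memcached command line."""
    opts = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        i = 0
        while i < len(tokens):
            flag, value = tokens[i], ""
            if flag.startswith("--") and "=" in flag:
                flag, value = flag.split("=", 1)
            elif (flag.startswith("-") and i + 1 < len(tokens)
                  and not tokens[i + 1].startswith("-")):
                value = tokens[i + 1]
                i += 1
            opts[LONG_FORMS.get(flag, flag)] = value
            i += 1
    return opts


def classify_listen(addr):
    """Classify one -l entry as loopback, internal, exposed or unknown."""
    host = addr.strip()
    if host.startswith("["):                 # [v6]:port
        host = host[1:].split("]")[0]
    elif host.count(":") == 1:               # v4-or-name:port
        host = host.split(":")[0]
    if host == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"                     # a hostname; not resolved offline
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified or ip.is_global:
        return "exposed"
    return "internal"


def audit(text, udp_on_by_default=True):
    """Check two of the listed measures: UDP disabled, no public bind address.

    udp_on_by_default is an assumption about the installed build: memcached
    releases before 1.5.6 enable UDP when -U is absent, later ones do not.
    """
    opts = parse_options(text)
    udp_enabled = opts["-U"] != "0" if "-U" in opts else udp_on_by_default
    # With no -l option, memcached binds to every interface.
    entries = opts["-l"].split(",") if opts.get("-l") else ["0.0.0.0"]
    result = {"udp_enabled": udp_enabled, "loopback": [], "internal": [],
              "exposed": [], "unknown": []}
    for entry in entries:
        result[classify_listen(entry)].append(entry.strip())
    # UDP reachable on a public bind address is the case the measures target.
    result["reflector_risk"] = udp_enabled and bool(result["exposed"])
    return result


if __name__ == "__main__":
    for name, sample in (("exposed", SAMPLE_EXPOSED), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(sample))
```

The second measure, blocking UDP port 11211 at internet-facing firewalls, is enforced outside memcached and is not covered by this check.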
Principles of key-value databases
A key-value database is defined as a data storage paradigm designed for storing, retrieving
and managing associative arrays, a data structure most commonly known as a hash table or a
dictionary. It can be regarded as a specific kind of non-relational database that uses a
simple key-value method for data storage. It stores all of its data as a collection of
key-value pairs. Each key-value pair has a unique identifier. The keys and values can both
be anything from simple objects to compound and complex objects (Andreoli et al. 2015). The
primary principle of a key-value database is that it is highly partitionable and allows
horizontal scaling that is unachievable for various other types of databases.
For example, Amazon DynamoDB can allocate additional partitions to a table when an existing
partition is filled to capacity and further storage space is required. It is a
non-relational database delivering reliable performance at any scale. DynamoDB is fully
managed, can run across multiple regions, and can be accessed as a multi-master database
providing single-digit millisecond latency. Amazon DynamoDB also offers built-in security,
along with backup and restore and in-memory caching (Arabo 2015). Although there is no
explicit limit on the number of attributes that can be associated with an individual item,
the combined size of an item, including all of its attribute names and attribute values, has
to be within 400 KB. Every table is a collection of data items, just as in a relational
database, but every table can hold an infinite number of data items.
Analysis of the likely future importance and effectiveness of Memcrashed
The cyber world has become a frightening place, where online conflicts have made its future
look extremely frightening. With the Memcrashed attack on the memcached vulnerability, it
was established that a server will receive a memcached get request and that an attacker can
load huge values into the storage system and use them at will during their attacks. Web
performance and security companies have reportedly found a 15-byte request triggering almost
134 kilobytes of response. The amplification factor in this case has been as much as 10000
times (Hyder and Lung 2018). The practical limit of this vulnerability is practically
impossible to calculate, and only the practical limit of a single vulnerable memcached
service's network can be tolerated by a server. However, it is understandable that a
malicious attacker would not be content with one vulnerable server and would want to use
multiple memcached servers to attack the target. This has the potential to take down any
server on the planet, and there is a possibility that in future 91000 open memcached servers
could fall prey to massive DDoS attacks, a number that could rise even
higher.
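The request and response sizes quoted above give a ratio that a defender can measure from flow records. The following is an added example, not part of the original report: it sums UDP bytes per (memcached server, client) pair, flags pairs whose response-to-request ratio is large, and flags responses from port 11211 that arrive without any matching request. The CSV layout, the addresses and the threshold of 100 are assumptions, and the flow records are constructed.

```python
import csv
import io
from collections import defaultdict

MEMCACHED_PORT = 11211

# Constructed flow records (payload bytes). Addresses are documentation and
# private ranges chosen for illustration only.
SAMPLE_FLOWS = """\
src_ip,src_port,dst_ip,dst_port,proto,bytes
198.51.100.7,40000,10.0.0.5,11211,udp,15
10.0.0.5,11211,198.51.100.7,40000,udp,137216
10.0.0.20,51000,10.0.0.5,11211,udp,40
10.0.0.5,11211,10.0.0.20,51000,udp,1200
192.0.2.9,11211,10.0.0.30,33000,udp,1400
192.0.2.9,11211,10.0.0.30,33000,udp,1400
10.0.0.20,52000,10.0.0.5,11211,tcp,60
"""


def pair_totals(flow_csv):
    """Sum UDP request and response bytes per (memcached server, client) pair."""
    totals = defaultdict(lambda: {"request": 0, "response": 0})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "udp":
            continue                      # only memcached over UDP is of interest
        size = int(row["bytes"])
        if int(row["dst_port"]) == MEMCACHED_PORT:
            totals[(row["dst_ip"], row["src_ip"])]["request"] += size
        elif int(row["src_port"]) == MEMCACHED_PORT:
            totals[(row["src_ip"], row["dst_ip"])]["response"] += size
    return dict(totals)


def findings(flow_csv, min_ratio=100.0):
    """Return (server, client, kind, ratio) for pairs that look abnormal.

    kind is "amplified" when response/request >= min_ratio (seen from the
    network hosting the memcached server) and "unsolicited-response" when a
    client receives port-11211 traffic it never asked for (seen from the
    network on the receiving end).
    """
    out = []
    for (server, client), t in sorted(pair_totals(flow_csv).items()):
        if t["response"] and not t["request"]:
            out.append((server, client, "unsolicited-response", None))
        elif t["request"] and t["response"] / t["request"] >= min_ratio:
            out.append((server, client, "amplified",
                        round(t["response"] / t["request"])))
    return out


if __name__ == "__main__":
    for finding in findings(SAMPLE_FLOWS):
        print(finding)
```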
For this reason, all the security solutions and considerations provided should be followed
throughout, to make sure that all the vulnerabilities likely to occur within memcached
servers are identified and that organisations or service providers keep those servers away
from the internet, so that the security of an entire organisation, or even of an individual
user, is protected.
Conclusion
In conclusion, it can be said that the biggest distributed denial-of-service (DDoS) attacks
now on the rise are using the new method of Memcrashed. As technology has advanced over
time, security threats and vulnerabilities have simultaneously adopted new techniques and
tools for breaking into systems or gaining unauthorised control over them. Since there has
been huge fallout from the in-memory key-value store for an organisation like GitHub, it is
understandable that the hacker was looking for one vulnerable point and found it in the open
memcached servers. The report above also discusses how incompetent system administrators
have mostly caused this vulnerability by exposing memcached servers to the internet. The
report has analysed the potential threats that computer systems and networks often face,
described the Memcrashed vulnerability, how it works and how it has been used, evaluated the
countermeasures for this particular vulnerability and the security policies and techniques,
and described the primary principles of key-value databases.
References
Andreoli, A., Ferretti, L., Marchetti, M. and Colajanni, M., 2015, November. Enforcing
correct behavior without trust in cloud key-value databases. In 2015 IEEE 2nd International
Conference on Cyber Security and Cloud Computing (pp. 157-164). IEEE.
Arabo, A., 2015. Cyber security challenges within the connected home ecosystem
futures. Procedia Computer Science, 61, pp.227-232.
Borkar, D., Mayuram, R., Sangudi, G. and Carey, M., 2016, June. Have your data and query
it too: From key-value caching to big data management. In Proceedings of the 2016
International Conference on Management of Data (pp. 239-251). ACM.
Burke, I.D., Herbert, A. and Mooi, R., 2018, September. Using network flow data to analyse
distributed reflection denial of service (DRDoS) attacks, as observed on the South African
national research and education network (SANReN): a postmortem analysis of the
memcached attack on the SANReN. In Proceedings of the Annual Conference of the South
African Institute of Computer Scientists and Information Technologists (pp. 164-170). ACM.
Casola, V., De Benedictis, A., Rak, M. and Villano, U., 2018, October. A Security SLA-
Driven Moving Target Defense Framework to Secure Cloud Applications. In Proceedings of
the 5th ACM Workshop on Moving Target Defense (pp. 48-56). ACM.
Cugnasco, C., Becerra, Y., Torres, J. and Ayguadé, E., 2016, January. D8-tree: A de-
normalized approach for multidimensional data analysis on key-value databases.
In Proceedings of the 17th International Conference on Distributed Computing and
Networking (p. 18). ACM.

Deka, R.K., Bhattacharyya, D.K. and Kalita, J.K., 2017. DDoS Attacks: Tools, Mitigation
Approaches, and Probable Impact on Private Cloud Environment. arXiv preprint
arXiv:1710.08628.
González-Aparicio, M.T., Younas, M., Tuya, J. and Casado, R., 2018. Testing of
transactional services in NoSQL key-value databases. Future Generation Computer
Systems, 80, pp.384-399.
Harrou, F., Bouyeddou, B., Sun, Y. and Kadri, B., 2018, November. A Method to Detect
DOS and DDOS Attacks based on Generalized Likelihood Ratio Test. In 2018 International
Conference on Applied Smart Systems (ICASS) (pp. 1-6). IEEE.
Hyder, H.K. and Lung, C.H., 2018, December. Closed-Loop DDoS Mitigation System in
Software Defined Networks. In 2018 IEEE Conference on Dependable and Secure
Computing (DSC) (pp. 1-6). IEEE.
Kotey, S.D., Tchao, E.T. and Gadze, J.D., 2019. On Distributed Denial of Service Current
Defense Schemes. Technologies, 7(1), p.19.
Mousavi, S.M. and St-Hilaire, M., 2015, February. Early detection of DDoS attacks against
SDN controllers. In 2015 International Conference on Computing, Networking and
Communications (ICNC) (pp. 77-81). IEEE.
Myint Oo, M., Kamolphiwong, S., Kamolphiwong, T. and Vasupongayya, S., 2019.
Advanced Support Vector Machine-(ASVM-) Based Detection for Distributed Denial of
Service (DDoS) Attack on Software Defined Networking (SDN). Journal of Computer
Networks and Communications, 2019.
O’Hare, J., 2018. Scout: A Contactless ‘Active’ Reconnaissance Known Vulnerability
Assessment Tool.
Pathan, A.S.K. ed., 2016. Security of self-organizing networks: MANET, WSN, WMN,
VANET. CRC press.
Singh, K. and Singh, A., 2018, October. Memcached DDoS Exploits: Operations,
Vulnerabilities, Preventions and Mitigations. In 2018 IEEE 3rd International Conference on
Computing, Communication and Security (ICCCS) (pp. 171-179). IEEE.
Singhal, A. and Ou, X., 2017. Security risk analysis of enterprise networks using probabilistic
attack graphs. In Network Security Metrics (pp. 53-73). Springer, Cham.
van Gijtenbeek, L. and Dijkhuizen, T., 2018. DDoS Defense Mechanisms for IXP
Infrastructures.
Wang, B., Zheng, Y., Lou, W. and Hou, Y.T., 2015. DDoS attack protection in the era of
cloud computing and software-defined networking. Computer Networks, 81, pp.308-319.
Winarno, I. and Ishida, Y., 2016, August. Simulating resilient server using software-defined
networking. In 2016 International Conference On Advanced Informatics: Concepts, Theory
And Application (ICAICTA) (pp. 1-4). IEEE.
Zhang, C. and Green, R., 2015, April. Communication security in internet of thing:
preventive measure and avoid DDoS attack over IoT network. In Proceedings of the 18th
Symposium on Communications & Networking (pp. 8-15). Society for Computer Simulation
International.
Zhang, T., Zhang, Y. and Lee, R.B., 2016. Memory DoS attacks in multi-tenant clouds:
Severity and mitigation. arXiv preprint arXiv:1603.03404.