Security researcher Amir Khashayar Mohammadi today released a new tool named Memfixed that can help victims of DDoS attacks carried out via Memcached servers.
The tool, written in Python, is built around a mitigation technique put forward by a developer on the Memcached project and verified by DDoS mitigation firm Corero.
The mitigation technique consists of sending a "flush_all" command to a Memcached server that is attacking a victim's network as part of a larger DDoS attack.
Mohammadi created Memfixed to automate the mitigation of a Memcached DDoS attack because "vendors are not updating or to the least minimum disabling UDP, companies are being hit with amplified DDoS attacks".
Using this tool, a victim can send a "flush_all" command to each attacking IP individually, or to a group of multiple attacking IPs. The flush_all command wipes a Memcached server's cached memory, including the malicious payload that is executing the DDoS attack.
In addition to flushing the cache, Memfixed also supports sending a "shutdown" command to attacking servers that actually shuts down the memcached daemon.
If you are under attack and are considering using this tool, it should be noted that its use is most likely illegal in almost all countries. This is because you are accessing a server that you do not own and modifying its behavior without permission. Therefore, it is strongly advised that you contact law enforcement and seek legal advice before considering the use of this tool.
Mohammadi provided Bleeping Computer with the following screenshot showing the Memfixed tool mitigating an attack.
Mohammadi is the same researcher who previously released a PoC tool named Memcrashed that automated Memcached-based DDoS attacks.