skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration

Ovum View


Akamai has reported the biggest volumetric distributed denial-of-service (DDoS) attack yet, measuring 1.3Tbps. It used UDP reflection/amplification, leveraging misconfigured memcached servers, of which there are some 50,000 in existence. Akamai and Arbor have recently detected significant increases in memcached-based attacks, suggesting that more volumetric attacks may be on the way.

Memcached opens the way for monster attack volumes

Annual reports from both Akamai and Arbor on the way the DDoS landscape is evolving have pointed to a growth in volumetric attacks, but these are still only one of a range of approaches by threat actors, with others, such as application-layer attacks, deliberately seeking to remain under the radar, using much lower bandwidths as a result.

What the recent memcached attacks demonstrate, however, is that the perpetrators have found a convenient way to launch the kind of monster attacks that swap an enterprise’s defenses and usually require external assistance to withstand.

Memcached is a distributed memory caching system that is used to speed up database-driven websites by caching data in RAM to reduce reads of external sources. The protocol allows the server to be queried for information about key value stores and is only intended to be used on systems that are not exposed to the internet. It requires no authentication, and because the IP addresses of UDP traffic can easily be spoofed any time memcached is erroneously exposed to the internet, it is an excellent reflector for anyone mounting a DDoS attack.

Although not meant to be internet-facing, Akamai estimates that there are about 50,000 servers that use the insecure default configuration, making them vulnerable for use in DDoS attacks. Memcached uses UDP port 11211 as default, so an immediate mitigation action on the part of service providers is to rate-limit and/or filter all traffic on that port.



Rik Turner, Principal Analyst, Infrastructure Solutions

Recommended Articles

  • Service Provider Markets, Consumer & Entertainment Services,...

    MWC 2018 Highlights

    By Ronan De Renesse 27 Feb 2018

    Over 20 of our senior Ovum analysts and consultants attended this year’s Mobile World Congress in Barcelona at the end of February. In between meetings, briefings and presentations, our analyst team were blogging and tweeting about key developments, trends and rumors. Have a look through our daily MWC 2018 Highlights to find out what happened.

    Topics 5G AI IoT Cloud Payments SDN/NFV Smart home

  • Consumer & Entertainment Services

    US pay TV: Is it facing an existential threat?

    By Adam Thomas 28 Mar 2018

    With US pay TV having endured the worst year in its history, thoughts have inevitably turned to the future. The likelihood remains that the immediate future will remain highly uncomfortable for everyone except the scaled multinational digital platforms.

  • Enterprise Decision Maker, Enterprise IT Strategy and Select...

    2017 Trends to Watch: Big Data

    By Tony Baer 21 Nov 2016

    The breakout use case for big data will be fast data. The Internet of Things (IoT) is increasing the urgency for enterprises to embrace real-time streaming analytics, as use cases from mobile devices and sensors become compelling to a wide range of industry sectors.

    Topics Big data and analytics IoT


Have any questions? Speak to a Specialist

Europe, Middle East & Africa team - +44 (0) 207 017 7700

Asia-Pacific team - +61 (0)3 960 16700

US team - +1 646 957 8878

Email us at

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Call us at +44 788 597 5160 or email us at

Contact marketing -

Already an Ovum client? Login to the Knowledge Center now