Security researcher Amir Khashayar Mohammadi has released today a new tool named Memfixed that can help victims of DDoS attacks carried out via Memcached servers.
The tool, written in Python, was coded around a mitigation technique put forward by a developer on the Memcached project, but also verified by DDoS mitigation firm Corero.
The mitigation technique consists of sending a "flush_all" command to a Memcached server that is attacking a victim's network, part of a larger DDoS attack.
Memfixed automates Memcached DDoS mitigation
Mohammadi created Memfixed to automate the mitigation process. A victim can use Memfixed to send a "flush_all" command to each IP in part, or to a group of multiple attacking IPs.
The flush_all command wipes a Memcached server's cached memory, including the malicious payload that is executing the DDoS attack.
Memfixed also supports sending a "shutdown" command to attacking servers, but we advise against using this method, as it's illegal because you're actually shutting down another company's server, and may inadvertently damage its operations.