I just read the memcached DDoS post here: https://www.cloudflare.com/learning/ddos/memcached-ddos-attack/. According to it, a memcached attack occurs in 4 steps:
- An attacker implants a large payload of data on an exposed memcached server.
- Next the attacker spoofs an HTTP GET request with the IP address of the targeted victim.
- The vulnerable memcached server that receives the request, which is trying to be helpful by responding, sends a large response to the target.
- The targeted server or its surrounding infrastructure is unable to process the large amount of data sent from the memcached server, resulting in overload and denial-of-service to legitimate requests.
In step 2, how does the attacker spoof an HTTP request with the IP address of the targeted victim? I think it cannot be spoofed. On the other hand, reading the PoC on GitHub https://github.com/649/Memcrashed-DDoS-Exploit/blob/master/Memcrashed.py, the attacker only uses UDP. Can anyone explain this for me? Thanks
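
Seen from the receiving end of steps 3 and 4 above, the traffic is UDP datagrams with source port 11211, each beginning with the 8-byte frame header that memcached's UDP protocol puts in front of every datagram. The victim-side detector below is an added example, not part of the original post or of the linked PoC; the function names, the byte threshold and the sample packets (documentation-range addresses, filler payloads) are constructed assumptions.

```python
import struct
from collections import defaultdict

MEMCACHED_PORT = 11211
# memcached UDP frame header: request id, sequence no., total datagrams, reserved
FRAME = struct.Struct("!HHHH")

def parse_frame(payload):
    """Return (request_id, seq, total, body), or None if not a memcached UDP frame."""
    if len(payload) < FRAME.size:
        return None
    req_id, seq, total, reserved = FRAME.unpack_from(payload)
    # reserved must be 0 and the sequence number must fit inside the announced total
    if reserved != 0 or total == 0 or seq >= total:
        return None
    return req_id, seq, total, payload[FRAME.size:]

def find_reflection(packets, local_requests=(), min_bytes=4000):
    """packets: inbound UDP as (src_ip, src_port, payload) tuples.
    local_requests: (server_ip, request_id) pairs this host really sent.
    Returns per-source totals for unsolicited memcached responses >= min_bytes."""
    asked = set(local_requests)
    stats = defaultdict(lambda: {"bytes": 0, "datagrams": 0, "max_total": 0})
    for src_ip, src_port, payload in packets:
        if src_port != MEMCACHED_PORT:
            continue
        frame = parse_frame(payload)
        if frame is None:
            continue
        req_id, _seq, total, _body = frame
        if (src_ip, req_id) in asked:
            continue  # answer to a request we actually made
        s = stats[src_ip]
        s["bytes"] += len(payload)
        s["datagrams"] += 1
        s["max_total"] = max(s["max_total"], total)
    return {ip: s for ip, s in stats.items() if s["bytes"] >= min_bytes}

# Constructed capture: one unsolicited 4-datagram response, one reply to a real
# request from this host, and one unrelated UDP packet.
SAMPLE = (
    [("192.0.2.10", 11211, FRAME.pack(7, i, 4, 0) + b"A" * 1392) for i in range(4)]
    + [("192.0.2.20", 11211, FRAME.pack(42, 0, 1, 0) + b"VALUE k 0 2\r\nok\r\nEND\r\n")]
    + [("192.0.2.30", 53, b"\x00" * 64)]
)

if __name__ == "__main__":
    print(find_reflection(SAMPLE, local_requests=[("192.0.2.20", 42)]))
```

A host that never queries memcached over UDP can pass an empty `local_requests`, in which case every well-formed frame from port 11211 counts toward the threshold.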