Open Memcached Report

LAST UPDATED: 2022-08-29

This report identifies hosts that have the Memcached key-value store running and accessible on the Internet.

Since this service does not support authentication, any entity that can access the Memcached instance can have complete control over the key-value store. In addition, instances of Memcached that are accessible via UDP may be abused in amplification-style denial of service attacks.

See memcached.org for more information about Memcached.

For more details behind the scan methodology and a daily update of global Memcached scan statistics please visit our dedicated Memcached scan page.

For more information on our scanning efforts, check out our Internet scanning summary page.

Filenames: scan_memcached

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the Memcached response came on (TCP/UDP)
  • port
    Port that the Memcached response came from (usually 11211)
  • hostname
    Reverse DNS name of the device in question
  • tag
    Will always be memcached
  • version
    Memcached version number
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • sic
    Standard Industrial Classification System Code
  • pid
    Process ID (PID) of the running Memcached server instance
  • pointer_size
    The system architecture (32 or 64 bits)
  • uptime
    Number of seconds since Memcached server start
  • time
    The current time and date (in UTC) that Memcached thinks it is at the time the server was probed
  • curr_connections
    The current number of client connections to the Memcached server
  • total_connections
    The total number of client connections to the Memcached server since it was last restarted
  • response_size
    Response size in bytes
  • amplification
    Amplification factor (This amplification is is based solely on the payload size sent and payload size received)

Sample

"timestamp","ip","protocol","port","hostname","tag","version","asn","geo","region","city","naics","sic","pid","pointer_size","uptime","time","curr_connections","total_connections","sector","response_size","amplification"
"2010-02-10 00:00:00",192.168.0.1,udp,11211,node01.example.com,memcached,1.4.34,64512,ZZ,Region,City,0,0,28939,64,5226637,,16,123,Government,1370,97.86
"2010-02-10 00:00:01",192.168.0.2,udp,11211,node02.example.com,memcached,1.4.15,64512,ZZ,Region,City,0,0,770,64,4341315,"2022-08-17 14:11:00",10,1525,"Communications, Service Provider, and Hosting Service",1114,79.57
"2010-02-10 00:00:02",192.168.0.3,tcp,11211,node03.example.com,memcached,1.6.15,64512,ZZ,Region,City,0,0,1430,64,947944,,2,283,,,

Our 130 Report Types