As you know, memcache is a cache system developed for writing data to ram memory on the server and listens on port 11211.

As of February 24, attacks on memcached started to be reported frequently and the number of attacks is increasing day by day. Mitigating this type of attack can be done in several ways, but the simplest is to turn off udp on source port 11211. Alternative solution

We open the /etc/sysconfig/memcached file with text
We change the section that says OPTIONS=”” to OPTIONS=”-l 127.0.0.1″.
We save the file
We restart memcached with the command /etc/init.d/memcached restartt.
Steps to be taken for security:
Before following the steps on the Memcache side, you should restrict access to TCP/UDP 11211 port on the firewall. Some architectures may require external access to Memcache. For this, you must create rules on IPtables (firewalld in CentOS 7.x).

Use the following lines for access permission
iptables -I INPUT -p tcp -s X.X.X.X –dport 11211 -j ACCEPT
iptables -I INPUT -p udp -s X.X.X.X –dport 11211 -j ACCEPT

Type the IP addresses that will access X.X.X.X. Make sure the ACCEPT rules are above the DROP rules when adding the rules.

Then, disable the public access of this port using the following lines.

iptables -I INPUT -p tcp -s 0.0.0.0/0 –dport 11211 -j DROP
iptables -I INPUT -p udp -s 0.0.0.0/0 –dport 11211 -j DROP

Note: Check the rule order with the output of iptables -L at the end of this process. If the DROP rules are before ACCEPT you may run into problems. You should have your ACCEPT rules at the top and your DROP rules at the bottom.

Since Memcache is a structure that can be run on Windows, the necessary config arrangement must be made on Windows servers as well. You should also make listening from Local IP via the config in Windows and drop all other requests by defining the scope (Whitelist IP) for port 11211 via Windows Firewall.