Memcached is a free & open source, distributed memory object caching system. It is an in-memory key-value store for small chunks of arbitrary data (strings, objects) from results of database calls, API calls, or page rendering.
How to secure Memcached
A Memcached report identifies hosts that have the Memcached key-value store running and accessible on the internet. Since this service does not allow authentication, any entity with access to the Memcached instance has full control over the key-value store, which can be exploited for DDoS attacks.
It's smart to change the firewall settings so that only trustworthy sources can bind to Memcached. The default port for Memcached is 11211/tcp. Once you've set up your firewall, run the following command to see if it's open.
Example of an OpenMemCached Server:
$ sudo nmap -sS -p 11211 -sV ip_address_here
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-09-16 15:13 CEST
Nmap scan report for xxxx.xxx.xxxx
Host is up (0.0072s latency).
PORT STATE SERVICE VERSION
11211/tcp open memcached Memcached 1.4.4
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.89 seconds
How to close it?
$ sudo ufw deny 11211
$ sudo firewall-cmd --zone=public --permanent --remove-port=11211/tcp
$ sudo firewall-cmd --reload