Anyone run memcache outside their network to be able to get attacked like this? To be services like memcache, db, etc should all be internal use only and never allowed access from the outside.
There's a lot of people install memcached without realising it listens on all addresses by default. If you install it and run it via whatever system your OS/distro uses, you'd never need to look at the man page so you wouldn't find this out.
I was caught up in this, but luckily my hosting provider (MediaTemple) disabled my server due to the large bandwidth overruns.
It was fun to spend Sunday night hurriedly reading up on iptables. Still getting a lot of inbound traffic (everything is getting dropped), but thankfully no outbound now.