nanog mailing list archives
Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
From: "Roland Dobbins" <rdobbins () arbor net>
Date: Wed, 28 Feb 2018 06:10:27 +0700
On 28 Feb 2018, at 5:26, Ca By wrote:
Just udp.
This Arbor Threat Summary discusses the TCP issue, as well, FWIW: <https://www.arbornetworks.com/blog/asert/memcached-reflection-amplification-description-ddos-attack-mitigation-recommendations/>'It should also be noted that memcached priming queries can also be directed towards TCP/11211 on abusable memcached servers. TCP is not currently considered a high-risk memcached reflection/amplification transport as TCP queries cannot be reliably spoofed.'
We also recommend implementing situationally-appropriate network access policies at the IDC edge which disallow unwanted UDP/11211 as well as TCP/11211 from reaching abusable memcached deployments.
----------------------------------- Roland Dobbins <rdobbins () arbor net>
Current thread:
- New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Barry Greene (Feb 27)
- Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Ca By (Feb 27)
- Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Eric Kuhnke (Feb 27)
- Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Chip Marshall (Feb 27)
- Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Ca By (Feb 27)
- Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Roland Dobbins (Feb 27)
- Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Justin Paine via NANOG (Feb 27)
- Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Job Snijders (Feb 28)
- Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Ca By (Feb 28)
- Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Ca By (Feb 27)
- Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Dan Hollis (Feb 27)
- Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Rich Kulawiec (Feb 28)
- Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Job Snijders (Feb 28)
- Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Denys Fedoryshchenko (Feb 28)
- Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Grzegorz Janoszka (Feb 28)
- Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Mike Hammett (Feb 28)