nanog mailing list archives
Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
From: Jippen <cheetahmorph () gmail com>
Date: Thu, 1 Mar 2018 16:43:26 -0800
The problem here is that you're not being shot in the foot, you're moving a semi full of ammo and parking it in front of my building. Collateral damage from other people being lazy with their servers is a pain.

Oh, and this was used to set a new high water mark for 'Biggest DDoS' against github. 1.5 Tbps. So, it's a pretty big deal. And that's ignoring the additional vulnerability from just getting everything useful out of the memcached server, or continuously clearing the server to damage performance of the app relying on it.

If your gun's default aiming position is at your foot, then there's a good argument to change the default. It doesn't solve the problem, but it helps.

On Thu, Mar 1, 2018 at 3:51 PM, Randy Bush <randy () psg com> wrote:

> The defaults for Zimbra seem to be to listen everywhere all the time.
>
> amidst all the hysterical pontification, i am having trouble finding
> any release which has, by default, a port 11211 listener on any
> interface.
>
> sorry, i should have said "any operating system release"
>
> yes, you can install memcached
> yes, you can install some j random container which has memcached
> yes, you can shoot yourself in the foot; welcome to the internet
>
> my point was merely that the hysteria and grandstanding can cost a lot
> of ops a bunch of time. and folk should be aware that normal, simple,
> vanilla environments will not be a source of reflection. of course,
> they might be a target :)
>
> randy