nanog mailing list archives

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

From: Justin Paine via NANOG <nanog () nanog org>
Date: Tue, 27 Feb 2018 14:31:54 -0800

Thanks Chip!

____________
Justin Paine
Head of Trust & Safety
Cloudflare Inc.
PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D


On Tue, Feb 27, 2018 at 1:52 PM, Chip Marshall <chip () 2bithacker net> wrote:

On 2018-02-27, Ca By <cb.list6 () gmail com> sent:

Please do take a look at the cloudflare blog specifically as they name and
shame OVH and Digital Ocean for being the primary sources of mega crap
traffic

https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/

Also, policer all UDP all the time... UDP is unsafe at any speed.


Hi, DigitalOcean here. We've taken steps to mitigate this attack on our network.

Also, we've only seen udp/11211 being a problem. I'd be interested to
hear of anyone seeing tcp/11211 attacks.

--
Chip Marshall <chip () 2bithacker net>
http://2bithacker.net/

Current thread:

New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Barry Greene (Feb 27)
- Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Ca By (Feb 27)
  - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Eric Kuhnke (Feb 27)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Steve Atkins (Feb 27)
  - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Chip Marshall (Feb 27)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Ca By (Feb 27)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Roland Dobbins (Feb 27)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Justin Paine via NANOG (Feb 27)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Job Snijders (Feb 28)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Ca By (Feb 28)
  - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Dan Hollis (Feb 27)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Rich Kulawiec (Feb 28)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Job Snijders (Feb 28)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Denys Fedoryshchenko (Feb 28)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Grzegorz Janoszka (Feb 28)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Mike Hammett (Feb 28)
  - Re: Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Filip Hruska (Feb 27)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Steve Atkins (Feb 27)

(Thread continues...)