nanog mailing list archives

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

From: "Roland Dobbins" <rdobbins () arbor net>
Date: Wed, 28 Feb 2018 06:10:27 +0700


On 28 Feb 2018, at 5:26, Ca By wrote:

Just udp.


This Arbor Threat Summary discusses the TCP issue, as well, FWIW:

<https://www.arbornetworks.com/blog/asert/memcached-reflection-amplification-description-ddos-attack-mitigation-recommendations/>

'It should also be noted that memcached priming queries can also bedirected towards TCP/11211 on abusable memcached servers. TCP is notcurrently considered a high-risk memcached reflection/amplificationtransport as TCP queries cannot be reliably spoofed.'

We also recommend implementing situationally-appropriate network accesspolicies at the IDC edge which disallow unwanted UDP/11211 as well asTCP/11211 from reaching abusable memcached deployments.


-----------------------------------
Roland Dobbins <rdobbins () arbor net>

Current thread:

New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Barry Greene (Feb 27)
- Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Ca By (Feb 27)
  - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Eric Kuhnke (Feb 27)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Steve Atkins (Feb 27)
  - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Chip Marshall (Feb 27)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Ca By (Feb 27)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Roland Dobbins (Feb 27)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Justin Paine via NANOG (Feb 27)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Job Snijders (Feb 28)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Ca By (Feb 28)
  - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Dan Hollis (Feb 27)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Rich Kulawiec (Feb 28)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Job Snijders (Feb 28)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Denys Fedoryshchenko (Feb 28)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Grzegorz Janoszka (Feb 28)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Mike Hammett (Feb 28)
  - Re: Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Filip Hruska (Feb 27)

(Thread continues...)