nanog mailing list archives

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

From: Mike Hammett <nanog () ics-il net>
Date: Thu, 1 Mar 2018 16:52:36 -0600 (CST)

The defaults for Zimbra seem to be to listen everywhere all the time. 




----- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

----- Original Message -----

From: "Randy Bush" <randy () psg com> 
To: "Christopher Morrow" <morrowc.lists () gmail com> 
Cc: "North American Network Operators' Group" <nanog () nanog org> 
Sent: Thursday, March 1, 2018 4:38:05 PM 
Subject: Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

this is sort of why openbsd listens only on 127.0.0.1/::1 by default, 
right? it's the only sane choice for 'fresh out of the box' network 
daemons: "Yes, it's running, yes I can healthcheck it locally to prove 
it's running"


amidst all the hysterical pontification, i am having trouble finding any 
release which has, by default, a port 11211 listener on any interface. 

randy

Current thread:

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Eric Kuhnke (Mar 01)
- Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Owen DeLong (Mar 01)
  - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Christopher Morrow (Mar 01)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Randy Bush (Mar 01)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Christopher Morrow (Mar 01)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Christopher Morrow (Mar 01)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Mike Hammett (Mar 01)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Randy Bush (Mar 01)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Jippen (Mar 01)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Randy Bush (Mar 01)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Royce Williams (Mar 01)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Stephen Satchell (Mar 02)
  - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Bjørn Mork (Mar 02)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Mark Andrews (Mar 02)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks K. Scott Helms (Mar 02)
    - Message not available
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks K. Scott Helms (Mar 02)
    - Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks Michel 'ic' Luczak (Mar 04)

(Thread continues...)