nanog mailing list archives

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks


From: Royce Williams <royce () techsolvency com>
Date: Thu, 1 Mar 2018 13:55:16 -0900

On Thu, Mar 1, 2018 at 1:38 PM, Randy Bush <randy () psg com> wrote:

> > this is sort of why openbsd listens only on 127.0.0.1/::1 by default,
> > right? it's the only sane choice for 'fresh out of the box' network
> > daemons: "Yes, it's running, yes I can healthcheck it locally to prove
> > it's running"
>
> amidst all the hysterical pontification, i am having trouble finding any
> release which has, by default, a port 11211 listener on any interface.


... for people using the OS package, and not compiling from source.

Upstream, until two days ago, the default was to listen on all interfaces.

https://github.com/memcached/memcached/wiki/ReleaseNotes156

The package maintainers were (thankfully) injecting additional sanity.

Royce
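
The difference between a loopback-only default and an all-interfaces default can be checked on a host by looking at what port 11211 is actually bound to. The following is an added example, not part of the original message: it assumes Linux with iproute2 and the column layout of `ss -H -tuln`, and the function names and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Flag memcached (port 11211) sockets bound to anything other than loopback.
# Input on stdin: output of `ss -H -tuln`; field 5 is "Local Address:Port".

exposed_memcached() {
    awk -v port=11211 '
    {
        addr = $5
        sub(/:[^:]*$/, "", addr)          # drop ":port" at the last colon, so IPv6 survives
        p = substr($5, length(addr) + 2)  # text after that colon is the port
        if (p != port) next
        sub(/^\[/, "", addr)              # [::1] -> ::1
        sub(/\]$/, "", addr)
        sub(/%.*$/, "", addr)             # strip an interface scope such as %lo
        if (addr ~ /^127\./ || addr == "::1") next   # loopback-only bind
        print $1, addr                    # protocol and exposed bind address
    }'
}

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
udp UNCONN 0 0 0.0.0.0:11211 0.0.0.0:*
tcp LISTEN 0 1024 127.0.0.1:11211 0.0.0.0:*
tcp LISTEN 0 1024 [::1]:11211 [::]:*
tcp LISTEN 0 1024 [::]:11211 [::]:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

# On a real host: ss -H -tuln | exposed_memcached
sample_ss_output | exposed_memcached
```

Any line printed is a port 11211 socket reachable from beyond the local host; a UDP line is the one relevant to the reflection traffic this thread is about.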

