New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

Steve Atkins steve at
Tue Feb 27 21:36:56 UTC 2018

> On Feb 27, 2018, at 1:16 PM, Eric Kuhnke <eric.kuhnke at> wrote:
> I question whether there is *any* high volume hoster out there that has a
> reputation for successfully addressing abuse issues coming from their
> customer base, and cuts off services...  By high volume hoster I define it
> as companies where anybody with a credit card can buy a $2 to $15/month
> VPS/VM in a fully automated process.
> OVH just happens to be one of the largest and probably ranks in the top 10
> worldwide by number of hypervisors and VPS. I doubt whether any of their
> 30-40 competitors that are smaller than them do much better, considering
> the ratio of clued and attentive staff to VMs.

OVH are worse than that. Floods of the same spam coming from the
*same IP addresses* for years at a time. Continuous probes. A total refusal
to police their network or even respond to reports of issues.

They're not a major source of abuse because of their size; it's because
they've chosen to be.


