New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
Roland Dobbins
rdobbins at arbor.net
Tue Feb 27 23:10:27 UTC 2018
On 28 Feb 2018, at 5:26, Ca By wrote:
> Just udp.
This Arbor Threat Summary discusses the TCP issue, as well, FWIW:
<https://www.arbornetworks.com/blog/asert/memcached-reflection-amplification-description-ddos-attack-mitigation-recommendations/>
'It should also be noted that memcached priming queries can also be
directed towards TCP/11211 on abusable memcached servers. TCP is not
currently considered a high-risk memcached reflection/amplification
transport as TCP queries cannot be reliably spoofed.'
We also recommend implementing situationally-appropriate network access
policies at the IDC edge which disallow unwanted UDP/11211 as well as
TCP/11211 from reaching abusable memcached deployments.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
More information about the NANOG
mailing list