New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

Steve Atkins steve at
Wed Feb 28 00:38:18 UTC 2018

> On Feb 27, 2018, at 4:29 PM, Filip Hruska <fhr at> wrote:
> This is just stupid.   
> OVH is one of the largest server providers in the world - of course they will be at the top of that list.   
> What exactly should they do, according to you?

Read their [email protected] alias. Shut down those customers who are being abusive.
Currently they do neither. Every so often they'll privately admit that they've been
doing an unconscionably bad job of mitigating abuse from their networks and
promise to do better, then don't.

Given some of their customers have been consistently abusive for years from the same
domain and the same IP address the problem isn't "Oh, the bad people keep
signing up with new credit cards! Oh, poor us!" or any other reasoning based on
being a large, inexpensive provider.

> Why should people de-peer them?   

If the overall cost of the bad traffic exceeds the benefit of the good traffic. I'm
sure it doesn't, but that people are even suggesting it is telling.


More information about the NANOG mailing list