New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

• Previous message (by thread): New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
• Next message (by thread): New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Feb 28, 2018 at 5:54 PM Job Snijders <job at ntt.net> wrote:

> On Tue, Feb 27, 2018 at 09:52:54PM +0000, Chip Marshall wrote:
> > On 2018-02-27, Ca By <cb.list6 at gmail.com> sent:
> > > Please do take a look at the cloudflare blog specifically as they
> > > name and shame OVH and Digital Ocean for being the primary sources
> > > of mega crap traffic
> > >
> > >
> https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/
> > >
> > > Also, policer all UDP all the time... UDP is unsafe at any speed.
> >
> > Hi, DigitalOcean here. We've taken steps to mitigate this attack on
> > our network.
>
> NTT too has deployed rate limiters on all external facing interfaces on
> the GIN backbone - for UDP/11211 traffic - to dampen the negative impact
> of open memcached instances on peers and customers.
>
> The toxic combination of 'one spoofed packet can yield multiple reponse
> packets' and 'one small packet can yield a very big response' makes the
> memcached UDP protocol a fine example of double trouble with potential
> for severe operational impact.
>
> Kind regards,
>
> Job


Thanks Job. NTT is a very good internet steward, making common sense calls
.... not just sling bits by the kilo for $


>

• Previous message (by thread): New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
• Next message (by thread): New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]