New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

Christopher Morrow morrowc.lists at gmail.com
Thu Mar 1 22:51:35 UTC 2018


On Thu, Mar 1, 2018 at 5:50 PM, Christopher Morrow <morrowc.lists at gmail.com>
wrote:

> pre install of memcache on a (debianXXX)
>

$ cat /etc/debian_version
9.3

(cut/paste fail before click-submit)


> Abort.
> morrowc at build:~$ netstat -anA inet | grep LIST
> tcp        0      0 192.110.255.61:53       0.0.0.0:*               LISTEN
> tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
> tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
> tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN
> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
> tcp        0      0 127.0.0.1:5433          0.0.0.0:*               LISTEN
>
>
> run:
> apt-get install memcached
>
> now:
> morrowc at build:~$ netstat -anA inet | grep LIST
> tcp        0      0 192.110.255.61:53       0.0.0.0:*               LISTEN
> tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
> tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
> tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN
> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
> tcp        0      0 127.0.0.1:5433          0.0.0.0:*               LISTEN
> tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN
>
>
> fargh.
>
> On Thu, Mar 1, 2018 at 5:38 PM, Randy Bush <randy at psg.com> wrote:
>
>> > this is sort of why openbsd listens only on 127.0.0.1/::1 by default,
>> > right? it's the only sane choice for 'fresh out of the box' network
>> > daemons: "Yes, it's running, yes I can healthcheck it locally to prove
>> > it's running"
>>
>> amidst all the hysterical pontification, i am having trouble finding any
>> release which has, by default, a port 11211 listener on any interface.
>>
>> randy
>>
>
>
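One caveat on the check used above: `netstat -anA inet | grep LIST` matches only TCP sockets. UDP sockets have no LISTEN state in netstat output, so a UDP 11211 socket, which is the one the reflection attacks use, never shows up in that grep even when it is bound to every interface. The script below is an added example, not code from the thread or from the memcached project: it reads net-tools style `netstat -an` output on stdin and reports any 11211 socket, TCP or UDP, IPv4 or IPv6, that is bound to something other than loopback. The function names `memcached_exposed` and `exposed_count` are my own, and the two netstat samples are constructed for illustration rather than captured from a real host.

```shell
#!/bin/sh
# Added example, not from the thread: report memcached sockets on 11211 that
# are bound to a non-loopback address. Reads net-tools `netstat -an` style
# lines on stdin, e.g. `netstat -anA inet -A inet6 | memcached_exposed`.
# Unlike `grep LIST`, UDP sockets are included: they have no LISTEN state,
# and UDP 11211 is the reflection vector.
memcached_exposed() {
    awk '
        # Socket lines look like: proto recv-q send-q local foreign [state]
        $1 ~ /^(tcp|tcp6|udp|udp6)$/ {
            proto = $1; laddr = $4; state = $6
            # The port follows the last ":"; the address is whatever precedes
            # it (handles "0.0.0.0:11211", ":::11211" and "::1:11211").
            n = split(laddr, parts, ":")
            port = parts[n]
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            if (port != "11211") next
            # Only listening TCP sockets matter; any bound UDP socket does.
            if (proto ~ /^tcp/ && state != "LISTEN") next
            if (addr == "127.0.0.1" || addr == "::1") next
            print proto, laddr
            found = 1
        }
        # Exit 1 when something is exposed, 0 when everything is loopback-only.
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample (not captured from a real host): the Debian install in
# the thread, with both the TCP and the UDP socket on loopback.
SAMPLE_LOOPBACK='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN
udp        0      0 127.0.0.1:11211         0.0.0.0:*'

# Constructed sample: TCP still on loopback, but UDP/IPv4 and TCP/IPv6 on
# all interfaces, plus an established connection that must not be counted.
SAMPLE_EXPOSED='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:11211         127.0.0.1:40212         ESTABLISHED
tcp6       0      0 :::11211                :::*                    LISTEN
udp        0      0 0.0.0.0:11211           0.0.0.0:*
udp6       0      0 ::1:11211               :::*'

# Number of exposed sockets in a block of netstat output, for scripting.
exposed_count() {
    printf '%s\n' "$1" | memcached_exposed | wc -l | tr -d ' '
}

# Usage: prints the two exposed sockets from the second sample and a warning.
printf '%s\n' "$SAMPLE_EXPOSED" | memcached_exposed \
    || echo "memcached is reachable from the network"
```

On a live host, pipe `netstat -anA inet -A inet6` (or the equivalent `ss -anut` output, whose columns line up the same way after the header) into `memcached_exposed`; a non-zero exit status means a 11211 socket is bound beyond loopback and `-l 127.0.0.1` (and, for UDP, `-U 0`) in memcached.conf is the fix.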



More information about the NANOG mailing list