New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

Mike Hammett nanog at ics-il.net
Thu Mar 1 22:52:36 UTC 2018


The defaults for Zimbra seem to be to listen everywhere all the time. 




----- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

----- Original Message -----

From: "Randy Bush" <randy at psg.com> 
To: "Christopher Morrow" <morrowc.lists at gmail.com> 
Cc: "North American Network Operators' Group" <nanog at nanog.org> 
Sent: Thursday, March 1, 2018 4:38:05 PM 
Subject: Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks 

> this is sort of why openbsd listens only on 127.0.0.1/::1 by default, 
> right? it's the only sane choice for 'fresh out of the box' network 
> daemons: "Yes, it's running, yes I can healthcheck it locally to prove 
> it's running" 

amidst all the hysterical pontification, i am having trouble finding any 
release which has, by default, a port 11211 listener on any interface. 

randy 




More information about the NANOG mailing list