New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

Royce Williams royce at techsolvency.com
Thu Mar 1 22:55:16 UTC 2018


On Thu, Mar 1, 2018 at 1:38 PM, Randy Bush <randy at psg.com> wrote:
>
> > this is sort of why openbsd listens only on 127.0.0.1/::1 by default,
> > right? it's the only sane choice for 'fresh out of the box' network
> > daemons: "Yes, it's running, yes I can healthcheck it locally to prove
> > it's running"
>
> amidst all the hysterical pontification, i am having trouble finding any
> release which has, by default, a port 11211 listener on any interface.


... for people using the OS package, and not compiling from source.

Upstream, until two days ago, the default was to listen on all interfaces.

https://github.com/memcached/memcached/wiki/ReleaseNotes156

The package maintainers were (thankfully) injecting additional sanity.

Royce


