New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
nanog at ics-il.net
Thu Mar 1 22:52:36 UTC 2018
The defaults for Zimbra seem to be to listen everywhere all the time.
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Randy Bush" <randy at psg.com>
To: "Christopher Morrow" <morrowc.lists at gmail.com>
Cc: "North American Network Operators' Group" <nanog at nanog.org>
Sent: Thursday, March 1, 2018 4:38:05 PM
Subject: Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
> this is sort of why openbsd listens only on 127.0.0.1/::1 by default,
> right? it's the only sane choice for 'fresh out of the box' network
> daemons: "Yes, it's running, yes I can healthcheck it locally to prove
> it's running"
amidst all the hysterical pontification, i am having trouble finding any
release which has, by default, a port 11211 listener on any interface.
More information about the NANOG