New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
royce at techsolvency.com
Thu Mar 1 22:55:16 UTC 2018
On Thu, Mar 1, 2018 at 1:38 PM, Randy Bush <randy at psg.com> wrote:
> > this is sort of why openbsd listens only on 127.0.0.1/::1 by default,
> > right? it's the only sane choice for 'fresh out of the box' network
> > daemons: "Yes, it's running, yes I can healthcheck it locally to prove
> > it's running"
> amidst all the hysterical pontification, i am having trouble finding any
> release which has, by default, a port 11211 listener on any interface.
... for people using the OS package, and not compiling from source.
Upstream, until two days ago, the default was to listen on all interfaces.
The package maintainers were (thankfully) injecting additional sanity.
More information about the NANOG