New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
K. Scott Helms
kscotthelms at gmail.com
Fri Mar 2 21:18:37 UTC 2018
I won't comment on the sanity of doing so, but _many_ service providers use
EMTAs, ATAs, and other voice devices over RFC1918 space back to their core.
On Fri, Mar 2, 2018 at 4:11 PM, Mark Andrews <marka at isc.org> wrote:
> Are you insane? ISPs should never use RFC 1918 addresses for stuff that
> talks to their customers. They have no way of knowing which addresses the
> customers are using.
> Traffic from RFC 1918 addresses should be dropped by any sane border
> router which all routers connecting to an ISP are.
> Mark Andrews
> > On 2 Mar 2018, at 22:49, Bjørn Mork <bjorn at mork.no> wrote:
> > Owen DeLong <owen at delong.com> writes:
> >> I don’t agree that making RFC-1918 limitations a default in any daemon
> >> makes any sense whatsoever.
> > +1
> > One of the more annoying anti-features I know of in this regard is the
> > dnsmasq rebind "protection". It claims to protect web browsers on the
> > LAN against DNS rebind attacks. But the implementation does not
> > consider which addresses are used on the LAN at all. It simply blocks
> > any A record pointing to an RFC1918 address, making a few bogus
> > assumptions:
> > - IPv4 LAN addresses are selected from RFC1918
> > - RFC1918 addresses are never used on the WAN side of a CPE
> > - No one uses IPv6 on their LAN
> > It's hard to know how many users have been bitten by the first
> > one. You'd have to depend on this rebind "protection" in the first
> > place, and that would be.... stupid.
> > But the second assumption regularly bites end users when their ISP
> > provides some ISP internal service using RFC1918 addresses. Which of
> > is fine.
> > The anti-feature has been enabled by default in OpenWrt for a long time,
> > ref https://wiki.openwrt.org/doc/uci/dhcp#all_options , which means that
> > there is a large user base having this enabled without knowing.
> >> First, there are plenty of LANs out there that don’t use RFC-1918.
> >> Second, RFC-1918 doesn’t apply to IPv6 at all,
> > Could you try to explain that to the OpenWrt guys? Thanks
> > Bjørn
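
Added example, not part of the thread and not dnsmasq or OpenWrt code: a small model of the rebind filter as Bjørn's message describes it (drop any A record in RFC 1918), next to a hypothetical filter keyed on the prefixes actually configured on the LAN. The function names, the LAN prefixes and the sample answers are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 blocks; the blanket filter rejects any answer inside them.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def blanket_filter(answer):
    """Model of the behaviour described in the message: drop A records that
    point into RFC 1918 and pass everything else, AAAA records included."""
    ip = ipaddress.ip_address(answer)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def lan_aware_filter(answer, lan_prefixes):
    """Hypothetical alternative: drop only answers that fall inside prefixes
    actually configured on the LAN side, IPv4 or IPv6."""
    ip = ipaddress.ip_address(answer)
    return any(ip.version == net.version and ip in net for net in lan_prefixes)


def compare(lan_prefixes, answers):
    """Return {answer: (dropped_by_blanket, dropped_by_lan_aware)}."""
    nets = [ipaddress.ip_network(p) for p in lan_prefixes]
    return {a: (blanket_filter(a), lan_aware_filter(a, nets)) for a in answers}


# Constructed sample data; documentation prefixes stand in for real ones.
LAN = ["192.0.2.0/24", "2001:db8:1::/64"]  # a LAN not numbered from RFC 1918
ANSWERS = [
    "192.0.2.10",      # LAN host: the blanket filter lets this answer through
    "10.20.30.40",     # ISP-internal service on the WAN side: wrongly dropped
    "2001:db8:1::10",  # IPv6 LAN host: outside what the blanket filter checks
    "198.51.100.7",    # unrelated external address: passed by both
]

if __name__ == "__main__":
    for addr, (blanket, aware) in compare(LAN, ANSWERS).items():
        print(f"{addr:16} blanket={'drop' if blanket else 'pass'} "
              f"lan-aware={'drop' if aware else 'pass'}")
```

Each of the first three sample answers corresponds to one of the three assumptions listed in the message.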