New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

K. Scott Helms kscotthelms at
Fri Mar 2 21:58:57 UTC 2018

They use separate service flows and layer 3 interfaces (usually) in DOCSIS
networks but they often use the same DNS infrastructure which is why I
piped up.

Scott Helms

On Mar 2, 2018 4:46 PM, "Michel 'ic' Luczak" <lists at> wrote:

The ones I know do so on private VLANs (or ATM circuits on DSL) so anyway
unrelated to any client’s address space. Also, French triple play ISPs use
RFC1918 space for IPTV but again isolated from any customer network so
doesn’t really matter.

> On 2 Mar 2018, at 22:18, K. Scott Helms <kscotthelms at> wrote:
> I won't comment on the sanity of doing so, but _many_ service providers
> EMTAs, ATAs, and other voice devices over RFC1918 space back to their
