New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
On Thu, Mar 1, 2018 at 5:50 PM, Christopher Morrow <morrowc.lists at gmail.com> wrote:
> pre install of memcache on a (debianXXX)
>
$ cat /etc/debian_version
9.3
(cut/paste fail before click-submit)
> Abort.
> morrowc at build:~$ netstat -anA inet | grep LIST
> tcp 0 0 192.110.255.61:53 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:5433 0.0.0.0:* LISTEN
>
>
> run:
> apt-get install memcached
>
> now:
> morrowc at build:~$ netstat -anA inet | grep LIST
> tcp 0 0 192.110.255.61:53 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:5433 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN
>
>
> fargh.
>
> On Thu, Mar 1, 2018 at 5:38 PM, Randy Bush <randy at psg.com> wrote:
>
>> > this is sort of why openbsd listens only on 127.0.0.1/::1 by default,
>> > right? it's the only sane choice for 'fresh out of the box' network
>> > daemons: "Yes, it's running, yes I can healthcheck it locally to prove
>> > it's running"
>>
>> amidst all the hysterical pontification, i am having trouble finding any
>> release which has, by default, a port 11211 listener on any interface.
>>
>> randy
>>
>
>
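
The before/after listener comparison in the message above, as an added example that is not part of the original post: it diffs two `netstat -an` snapshots and marks each new socket as loopback-only or non-loopback. It goes beyond the post in also picking up UDP sockets, which never show a LISTEN state; the udp sample line and all function names are constructed for illustration.

```python
import ipaddress

# Snapshots of `netstat -an -A inet` output. The tcp lines are taken from the
# message above; the udp line is constructed for this example.
BEFORE = """\
tcp 0 0 192.110.255.61:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
"""
AFTER = BEFORE + """\
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:11211 0.0.0.0:*
"""

def parse_listeners(text):
    """Return {(proto, addr, port)} for listening TCP and unconnected UDP sockets."""
    found = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue
        proto, local, remote = f[0], f[3], f[4]
        state = f[5] if len(f) > 5 else ""
        # TCP listeners carry the LISTEN state; UDP has no such state, so an
        # unconnected UDP socket is recognised by its wildcard remote address.
        is_tcp_listen = proto.startswith("tcp") and state == "LISTEN"
        is_udp_open = proto.startswith("udp") and remote.endswith(":*")
        if is_tcp_listen or is_udp_open:
            addr, _, port = local.rpartition(":")
            found.add((proto, addr, int(port)))
    return found

def new_listeners(before, after):
    """Sockets present after the install that were not there before, sorted."""
    return sorted(parse_listeners(after) - parse_listeners(before))

def bound_off_loopback(addr):
    """True unless the bind address is loopback (127.0.0.0/8 or ::1)."""
    return not ipaddress.ip_address(addr).is_loopback

def report(before, after):
    """One row per new socket: (proto, addr, port, verdict)."""
    return [(p, a, port, "non-loopback" if bound_off_loopback(a) else "loopback-only")
            for p, a, port in new_listeners(before, after)]

if __name__ == "__main__":
    for row in report(BEFORE, AFTER):
        print(*row)
```

A `grep LIST` filter like the one in the post only ever matches TCP rows, so a UDP check needs the separate rule used here.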