[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

Subject: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
From: nanog at ics-il.net (Mike Hammett)
Date: Thu, 1 Mar 2018 16:52:36 -0600 (CST)
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <CAB69EHiesHKr=57HYgiupD1sdV=5HURuVeo4+CVKFhdg0ONriw@mail.gmail.com> <[email protected]> <CAL9jLaadL=D7C9S49eea1+gHDLY+NdpQy=2qDqfzVfrH36+-zg@mail.gmail.com> <[email protected]>

The defaults for Zimbra seem to be to listen everywhere all the time. 




----- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

----- Original Message -----

From: "Randy Bush" <randy at psg.com> 
To: "Christopher Morrow" <morrowc.lists at gmail.com> 
Cc: "North American Network Operators' Group" <nanog at nanog.org> 
Sent: Thursday, March 1, 2018 4:38:05 PM 
Subject: Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks 

> this is sort of why openbsd listens only on 127.0.0.1/::1 by default, 
> right? it's the only sane choice for 'fresh out of the box' network 
> daemons: "Yes, it's running, yes I can healthcheck it locally to prove 
> it's running" 

amidst all the hysterical pontification, i am having trouble finding any 
release which has, by default, a port 11211 listener on any interface. 

randy

Follow-Ups:
- New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
  - From: randy at psg.com (Randy Bush)

References:
- New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
  - From: eric.kuhnke at gmail.com (Eric Kuhnke)
- New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
  - From: owen at delong.com (Owen DeLong)
- New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
  - From: morrowc.lists at gmail.com (Christopher Morrow)
- New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
  - From: randy at psg.com (Randy Bush)

Prev by Date: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
Next by Date: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
Previous by thread: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
Next by thread: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
Index(es):
- Date
- Thread