[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
- Subject: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
- From: randy at psg.com (Randy Bush)
- Date: Fri, 02 Mar 2018 08:51:41 +0900
- In-reply-to: <941404612.1945.1519944752029.JavaMail.mhammett@ThunderFuck>
- References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <CAB69EHiesHKr=57HYgiupD1sdV=5HURuVeo4+CVKFhdg0ONriw@mail.gmail.com> <[email protected]> <CAL9jLaadL=D7C9S49eea1+gHDLY+NdpQy=2qDqfzVfrH36+-zg@mail.gmail.com> <[email protected]> <941404612.1945.1519944752029.JavaMail.mhammett@ThunderFuck>
> The defaults for Zimbra seem to be to listen everywhere all the time.
> amidst all the hysterical pontification, i am having trouble finding any
> release which has, by default, a port 11211 listener on any interface.
sorry, i should have said "any operating system release"
yes, you can install memcached
yes, you can install some j random container which has memcached
yes, you can shoot yourself in the foot; welcome to the internet
my point was merely that the hysteria and grandstanding can cost a lot
of ops a bunch of time. and folk should be aware that normal, simple,
vanilla environments will not be a source of reflection.
of course, they might be a target :)
randy