[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
- Subject: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
- From: job at ntt.net (Job Snijders)
- Date: Thu, 1 Mar 2018 01:52:48 +0000
- In-reply-to: <[email protected]>
- References: <[email protected]> <CAD6AjGQx__RNnWADF=TnaUBjN+fVpezQpM9qmFMF_G0KSj3LrQ@mail.gmail.com> <[email protected]>
On Tue, Feb 27, 2018 at 09:52:54PM +0000, Chip Marshall wrote:
> On 2018-02-27, Ca By <cb.list6 at gmail.com> sent:
> > Please do take a look at the cloudflare blog specifically as they
> > name and shame OVH and Digital Ocean for being the primary sources
> > of mega crap traffic
> > https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/
> > Also, policer all UDP all the time... UDP is unsafe at any speed.
> Hi, DigitalOcean here. We've taken steps to mitigate this attack on
> our network.
NTT too has deployed rate limiters on all external facing interfaces on
the GIN backbone - for UDP/11211 traffic - to dampen the negative impact
of open memcached instances on peers and customers.
The toxic combination of 'one spoofed packet can yield multiple reponse
packets' and 'one small packet can yield a very big response' makes the
memcached UDP protocol a fine example of double trouble with potential
for severe operational impact.