[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

Subject: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
From: randy at psg.com (Randy Bush)
Date: Fri, 02 Mar 2018 08:51:41 +0900
In-reply-to: <941404612.1945.1519944752029.JavaMail.mhammett@ThunderFuck>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <CAB69EHiesH[email protected]> <[email protected]> <CAL9jLaadL=[email protected]> <[email protected]> <941404612.1945.1519944752029.JavaMail.mhammett@ThunderFuck>

> The defaults for Zimbra seem to be to listen everywhere all the time. 
> amidst all the hysterical pontification, i am having trouble finding any 
> release which has, by default, a port 11211 listener on any interface. 

sorry, i should have said "any operating system release"

yes, you can install memcached

yes, you can install some j random container which has memcached

yes, you can shoot yourself in the foot; welcome to the internet

my point was merely that the hysteria and grandstanding can cost a lot
of ops a bunch of time.  and folk should be aware that normal, simple,
vanilla environments will not be a source of reflection.

of course, they might be a target :)

randy

Follow-Ups:
- New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
  - From: cheetahmorph at gmail.com (Jippen)

References:
- New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
  - From: eric.kuhnke at gmail.com (Eric Kuhnke)
- New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
  - From: owen at delong.com (Owen DeLong)
- New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
  - From: morrowc.lists at gmail.com (Christopher Morrow)
- New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
  - From: randy at psg.com (Randy Bush)
- New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
  - From: nanog at ics-il.net (Mike Hammett)

Prev by Date: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)
Next by Date: dnswl.org contact
Previous by thread: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
Next by thread: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
Index(es):
- Date
- Thread