This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/routing-wg@ripe.net/
[routing-wg] Update: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
Barry Greene
bgreene at senki.org
Thu Mar 1 04:28:56 CET 2018
[The posting is sent to APOPS, AfNOG, SANOG, PacNOG, SAFNOG, CaribNOG, TZNOG, MENOG, SDNOG, LACNOG, IRNOG, MYNOG, SGOPS, and the RIPE Routing WG.]

UPDATE: As of 2018-02-28, more attacks using the memcached reflection vector have been unleashed on the Internet. Operators are asked to port filter (Exploitable Port Filters), rate limit the port 11211 UDP traffic (ingress and egress), and clean up any memcached exposed to the Internet (iptables on UNIX works). These mitigations should be on IPv4 and IPv6! There is no excuse for ISPs, Telcos, and other operators for not acting.

NTT is an example of action. As stated by Job Snijders <job at ntt.net> on the NANOG List:

“NTT too has deployed rate limiters on all external facing interfaces on the GIN backbone – for UDP/11211 traffic – to dampen the negative impact of open memcached instances on peers and customers. The toxic combination of ‘one spoofed packet can yield multiple response packets’ and ‘one small packet can yield a very big response’ makes the memcached UDP protocol a fine example of double trouble with potential for severe operational impact.”

This post has been updated with recommendations. Check with your network vendors for deployment/configuration details.

http://www.senki.org/memcached-on-port-11211-udp-tcp-being-exploited/
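Added example, not part of the original post: one way an operator could find hosts in their own address space that are answering as memcached reflectors, by comparing UDP/11211 request and reply volume per server in flow records. The record layout, the sample flows and the 10x byte-ratio threshold are assumptions made for this illustration.

```python
from collections import defaultdict

MEMCACHED_PORT = 11211

# Constructed flow records (not real traffic), documentation prefixes only.
# Columns: proto src sport dst dport packets bytes
SAMPLE_FLOWS = """\
udp 203.0.113.7 40000 192.0.2.10 11211 10 600
udp 192.0.2.10 11211 203.0.113.7 40000 4000 5600000
udp 198.51.100.5 53123 192.0.2.20 11211 200 30000
udp 192.0.2.20 11211 198.51.100.5 53123 210 42000
tcp 198.51.100.9 51000 192.0.2.10 11211 50 4000
udp 198.51.100.9 5353 192.0.2.30 53 5 400
"""

def parse_flows(text):
    """Yield one dict per well-formed flow line; malformed lines are skipped."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 7:
            continue
        try:
            yield {"proto": f[0].lower(), "src": f[1], "sport": int(f[2]),
                   "dst": f[3], "dport": int(f[4]),
                   "pkts": int(f[5]), "bytes": int(f[6])}
        except ValueError:
            continue

def find_reflectors(flows, min_byte_ratio=10.0):
    """Return {server_ip: stats} where UDP/11211 replies dwarf the requests."""
    stats = defaultdict(lambda: dict(req_pkts=0, req_bytes=0, resp_pkts=0, resp_bytes=0))
    for fl in flows:
        if fl["proto"] != "udp":
            continue  # the reflection vector described in the post is UDP
        if fl["dport"] == MEMCACHED_PORT:      # request towards a server
            side, ip = "req", fl["dst"]
        elif fl["sport"] == MEMCACHED_PORT:    # reply leaving a server
            side, ip = "resp", fl["src"]
        else:
            continue
        stats[ip][side + "_pkts"] += fl["pkts"]
        stats[ip][side + "_bytes"] += fl["bytes"]
    flagged = {}
    for ip, s in stats.items():
        if s["resp_bytes"] == 0:
            continue
        # Replies with no request seen are treated as unbounded amplification.
        byte_ratio = s["resp_bytes"] / s["req_bytes"] if s["req_bytes"] else float("inf")
        pkt_ratio = s["resp_pkts"] / s["req_pkts"] if s["req_pkts"] else float("inf")
        if byte_ratio >= min_byte_ratio:
            flagged[ip] = {**s, "byte_ratio": byte_ratio, "pkt_ratio": pkt_ratio}
    return flagged
```

Servers it flags are candidates for the cleanup the post asks for; the packet ratio and byte ratio correspond to the two halves of the "double trouble" in the quoted NANOG message.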