[afnog] Memcrashed - Major amplification attacks from UDP port 11211
Amreesh Phokeer
amreesh.phokeer at gmail.com
Wed Feb 28 09:29:52 UTC 2018
Fresh from APRICOT:
https://2018.apricot.net/assets/files/APNT806/memcached_apricot.pdf
Mitigation:
- Again, BCP 38
- Make sure you don’t have open memcached port 11211/udp on your network
- Use firewalls or FlowSpec to filter 11211/udp
Cheers,
Amreesh
On Wed, Feb 28, 2018 at 11:16 AM, Daniel Shaw <daniel at afrinic.net> wrote:
> May be of interest to some (if not already seen):
>
> "Over last couple of days we've seen a big increase in an obscure
> amplification attack vector - using the memcached protocol, coming from UDP
> port 11211..."
>
> https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-
> port-11211/
>
> Cheers,
> Daniel
>
>
> _______________________________________________
> afnog mailing list
> https://www.afnog.org/mailman/listinfo/afnog
>
--
Amreesh Phokeer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.afnog.org/pipermail/afnog/attachments/20180228/b273b898/attachment.html>
More information about the afnog
mailing list