<div dir="ltr">Fresh from APRICOT:<div><br></div><div><a href="https://2018.apricot.net/assets/files/APNT806/memcached_apricot.pdf">https://2018.apricot.net/assets/files/APNT806/memcached_apricot.pdf</a><br></div><div><br></div><div>Mitigation:</div><div>- Again, BCP 38</div><div>- Make sure you don’t have
open memcached port 11211/udp on your network</div><div>- Use firewalls or FlowSpec to filter 11211/udp<br></div><div><br></div><div>Cheers,</div><div>Amreesh</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 28, 2018 at 11:16 AM, Daniel Shaw <span dir="ltr"><<a href="mailto:daniel@afrinic.net" target="_blank">daniel@afrinic.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">May be of interest to some (if not already seen):<br>
<br>
"Over last couple of days we've seen a big increase in an obscure amplification attack vector - using the memcached protocol, coming from UDP port 11211..."<br>
<br>
<a href="https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/" rel="noreferrer" target="_blank">https://blog.cloudflare.com/<wbr>memcrashed-major-<wbr>amplification-attacks-from-<wbr>port-11211/</a><br>
<br>
Cheers,<br>
Daniel<br>
<br>
<br>
______________________________<wbr>_________________<br>
afnog mailing list<br>
<a href="https://www.afnog.org/mailman/listinfo/afnog" rel="noreferrer" target="_blank">https://www.afnog.org/mailman/<wbr>listinfo/afnog</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">Amreesh Phokeer<br></div>
</div>