Author Topic: Memcached vulnerable  (Read 4791 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Memcached vulnerable
« on: March 04, 2018, 12:11:03 AM »
If you install memcached be careful as it gets configured to listen on public-facing interfaces by default.

It will respond to UDP requests on port 11211 which is capable of participating in a large-scale spoofed attacks claiming to be from the attack target.

Please consider reconfiguring in one or more of these ways:
1.   Adding a firewall rule to block all access to this host's UDP port 11211 at your network edge.
2.   Adding firewall rules to allow connections to this service (on UDP port 11211) from authorized endpoints but block connections from all other hosts.
3.   Adjusting the memcached instance to only listen on the local interface (localhost). To do this, you may need to follow these directions:

On CentOS/RHEL,

a. Open /etc/sysconfig/memcached in your favorite text editor.
b. Change the line currently reading OPTIONS="" to OPTIONS="-l 127.0.0.1"
c. Save the file and exit the editor.
d. Restart memcached with "systemctl restart memcached"