Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - steven

Pages: [1]
Installation / Memcached vulnerable
« on: March 04, 2018, 12:11:03 AM »
If you install memcached be careful as it gets configured to listen on public-facing interfaces by default.

It will respond to UDP requests on port 11211 which is capable of participating in a large-scale spoofed attacks claiming to be from the attack target.

Please consider reconfiguring in one or more of these ways:
1.   Adding a firewall rule to block all access to this host's UDP port 11211 at your network edge.
2.   Adding firewall rules to allow connections to this service (on UDP port 11211) from authorized endpoints but block connections from all other hosts.
3.   Adjusting the memcached instance to only listen on the local interface (localhost). To do this, you may need to follow these directions:


a. Open /etc/sysconfig/memcached in your favorite text editor.
b. Change the line currently reading OPTIONS="" to OPTIONS="-l"
c. Save the file and exit the editor.
d. Restart memcached with "systemctl restart memcached"

Pages: [1]