Home Sign Up Sign In
miyuki

暴露在公网且默认开启了 UDP 的 memcached 被用来反射攻击

  •   
  •   miyuki · Mar 1, 2018 · 2791 views
    This topic created in 3000 days ago, the information mentioned may be changed or developed.

    https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/

    memcached 默认情况下如未进行过安全配置会监听 INADDR_ANY,并且开启了 UDP 支持

    测试方法

    $ echo -en "\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n" | nc -q1 -u 127.0.0.1 11211
STAT pid 21357
STAT uptime 41557034
STAT time 1519734962
...

    如果返回非空内容则你的版本会受影响,请检查是否将其暴露在公网

    memcached 2 月 27 日进行了更新,默认禁用掉了 UDP

    https://github.com/memcached/memcached/wiki/ReleaseNotes156

    No Comments Yet
    x00statMemcachedudp
    About   ·   Help   ·   Advertise   ·   Blog   ·   API   ·   FAQ   ·   Solana   ·   1120 Online   Highest 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 44ms · UTC 18:15 · PVG 02:15 · LAX 11:15 · JFK 14:15
    ♥ Do have faith in what you're doing.