perfsonar-announce - [perfsonar-announce] memcached exploits and your perfSONAR boxes
Subject: perfSONAR Announcements
- From: Andrew Lake
- Subject: [perfsonar-announce] memcached exploits and your perfSONAR boxes
- Date: Thu, 1 Mar 2018 10:12:57 -0800
All,

You have likely seen recent news about the UDP amplification attacks using memcached making the rounds the past couple days. perfSONAR does run memcached, but if you are running the firewall rules that ship with the perfSONAR toolkit or have separately installed the perfsonar-toolkit-security package you should be protected as the ports in question are blocked. This is hopefully most of you since these rules are installed by default with the toolkit.

If you are NOT running our firewall rules you should verify UDP port 11211 is blocked on your system. You may also manually patch memcached to only listen on localhost by downloading a script put together by the perfSONAR project to update the config and restart memcached:

    wget https://raw.githubusercontent.com/perfsonar/toolkit/master/scripts/configure_memcached_security
    sudo bash configure_memcached_security

This script will be included in our next bugfix release in the perfsonar-toolkit-security package and run automatically on install/update. This is ultimately the best solution since it is not reliant solely on the firewall. We were already planning to release this as the fact that memcached was listening on all ports was brought to our attention a couple weeks ago on this user list. It should also be noted Debian/Ubuntu hosts are not affected as the memcached package correctly listens on localhost by default.

Please let us know if you have any questions.

Thank you,
The perfSONAR Development Team
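A way to confirm the "only listen on localhost" state the message describes, added here as an example and not part of the original announcement or the perfSONAR script: the function reads `ss -lntu` output and reports any port 11211 listener bound to a non-loopback address. The function names and the sample socket table are constructed for illustration; this checks the bind address only, not the firewall rules.

```shell
#!/bin/sh
# Added example: flag memcached listeners (default port 11211) that are bound
# to anything other than a loopback address. Input is `ss -lntu` style text.

exposed_memcached() {
    # Prints "<proto> <bind-address>" for each exposed listener on the port.
    awk -v port="${1:-11211}" '
        $1 != "udp" && $1 != "tcp" { next }   # skip the header and other rows
        {
            la = $5                            # "Local Address:Port" column
            n = match(la, /:[^:]*$/)           # last colon separates the port
            if (!n) next
            addr = substr(la, 1, n - 1)
            if (substr(la, n + 1) != port) next
            # Loopback binds are the desired state; skip them.
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
            print $1, addr
        }'
}

# On a real host (requires iproute2): ss -lntu | exposed_memcached
check_this_host() {
    ss -lntu | exposed_memcached "$@"
}

# Constructed sample covering both old (":::11211") and new ("[::1]:11211")
# ss IPv6 notations, wildcard binds, loopback binds and unrelated ports.
SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:11211      0.0.0.0:*
udp   UNCONN 0      0      127.0.0.1:11211    0.0.0.0:*
tcp   LISTEN 0      128    *:11211            *:*
tcp   LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
udp   UNCONN 0      0      [::1]:11211        [::]:*
udp   UNCONN 0      0      :::11211           :::*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE" | exposed_memcached
```

An empty result from `check_this_host` means memcached is bound to loopback only (or is not running); any line printed names a bind address that still depends on the firewall.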