
perfsonar-announce - [perfsonar-announce] memcached exploits and your perfSONAR boxes

Subject: perfSONAR Announcements

  • From: Andrew Lake <>
  • To: , "" <>
  • Subject: [perfsonar-announce] memcached exploits and your perfSONAR boxes
  • Date: Thu, 1 Mar 2018 10:12:57 -0800

All,

You have likely seen recent news about the UDP amplification attacks using memcached making the rounds the past couple days. perfSONAR does run memcached, but if you are running the firewall rules that ship with the perfSONAR toolkit or have separately installed the perfsonar-toolkit-security package, you should be protected, as the ports in question are blocked. This is hopefully most of you, since these rules are installed by default with the toolkit.

If you are NOT running our firewall rules you should verify UDP port 11211 is blocked on your system. You may also manually patch memcached to only listen on localhost by downloading a script put together by the perfSONAR project to update the config and restart memcached:

This script will be included in our next bugfix release in the perfsonar-toolkit-security package and run automatically on install/update. This is ultimately the best solution since it is not reliant solely on the firewall. We were already planning to release this, as the fact that memcached was listening on all ports was brought to our attention a couple weeks ago on this user list. It should also be noted that Debian/Ubuntu hosts are not affected, as the memcached package correctly listens on localhost by default.

Please let us know if you have any questions.

Thank you,
The perfSONAR Development Team
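
A host-side check for the condition the announcement describes, added here as an example (it is not part of the original message and is not the perfSONAR project's script): it reads `ss -uln` output and reports any UDP listener on port 11211 that is bound beyond loopback, which is the case where the host relies on the firewall alone. The function name and the sample socket lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag memcached UDP listeners bound beyond loopback.
# Input: `ss -uln` style lines on stdin. Output: one non-loopback bind per line.
# Exit status: 0 = nothing exposed on the port, 1 = at least one exposed bind.
MEMCACHED_PORT=11211

exposed_udp_listeners() {
    awk -v port="$MEMCACHED_PORT" '
    {
        # The first field ending in ":<port>" is the local address column.
        for (i = 1; i <= NF; i++) {
            if ($i !~ (":" port "$")) continue
            addr = substr($i, 1, length($i) - length(port) - 1)
            sub(/%.*$/, "", addr)        # drop an interface scope such as %lo
            if (addr !~ /^127\./ && addr != "[::1]" && addr != "::1") {
                print addr
                found = 1
            }
            break
        }
    }
    END { exit (found ? 1 : 0) }'
}

# Constructed sample: memcached listening on every interface.
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      0.0.0.0:11211      0.0.0.0:*
UNCONN 0      0      127.0.0.1:323      0.0.0.0:*
UNCONN 0      0      [::]:11211         [::]:*'

# Constructed sample: memcached restricted to localhost.
SAMPLE_PATCHED='UNCONN 0      0      127.0.0.1:11211    0.0.0.0:*
UNCONN 0      0      [::1]:11211        [::]:*'

# Live use on a host: ss -uln | exposed_udp_listeners
if printf '%s\n' "$SAMPLE_EXPOSED" | exposed_udp_listeners >/dev/null; then
    echo "sample: loopback only"
else
    echo "sample: memcached UDP bound beyond loopback"
fi
```

A clean result here only shows that memcached is bound to localhost; whether UDP port 11211 is blocked by the firewall is a separate check.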