perfsonar-user - Re: [perfsonar-user] memcached exploits and your perfSONAR boxes
Subject: perfSONAR User Q&A and Other Discussion
- From: Hervey Allen <>
- To: Andrew Lake <>, "" <>
- Subject: Re: [perfsonar-user] memcached exploits and your perfSONAR boxes
- Date: Thu, 1 Mar 2018 15:25:26 -0800
- Organization: Network Startup Resource Center
On 3/1/18 10:12 AM, Andrew Lake wrote:
> All,
>
> You have likely seen recent news about the UDP amplification attacks
> using memcached making the rounds the past couple days. perfSONAR does
> run memcached, but if you are running the firewall rules that ship with
> the perfSONAR toolkit or have separately installed the
> perfsonar-toolkit-security package you should be protected as the ports
> in question are blocked. This is hopefully most of you since these rules
> are installed by default with the toolkit.
>
> *If you are NOT running our firewall rules you should verify UDP port
> 11211 is blocked on your system.* You may also manually patch memcached
> to only listen on localhost by downloading a script put together by the
> perfSONAR project to update the config and restart memcached:
>
> wget https://raw.githubusercontent.com/perfsonar/toolkit/master/scripts/configure_memcached_security
> sudo bash configure_memcached_security
>
> This script will be included in our next bugfix release in the
> perfsonar-toolkit-security package and run automatically on
> install/update. This is ultimately the best solution since it is not
> reliant solely on the firewall. We were already planning to release this
> as the fact that memcached was listening on all ports was brought to our
> attention a couple weeks ago on this user list. It should also be noted
> Debian/Ubuntu hosts are not affected as the memcached package correctly
> listens on localhost by default.
>
Thank you Andrew!
We'll be teaching a workshop this coming weekend with the Testpoint
Bundle in use and this is a timely release.
- Hervey
> Please let us know if you have any questions.
>
> Thank you,
> The perfSONAR Development Team
>
>
>
--
Hervey Allen Assistant Director, Network Startup Resource Center
http://nsrc.org/ : http://facebook.com/nsrc.org
GPG Fingerprint: AC08 31CB E453 6C65 2AB3 4EDB CEEB 5A74 C6E5 624F
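
One way to check the condition the quoted announcement describes (memcached on port 11211 listening beyond localhost), as an added example that is not part of the original thread or of the perfSONAR script: it parses `ss -lntu` output and reports every listener on port 11211 that is not bound to a loopback address. The function name and the sample socket listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find memcached listeners (port 11211) bound to
# non-loopback addresses by parsing `ss -lntu` output.

# Reads `ss -lntu` output on stdin and prints "proto address" for each
# listener on port 11211 whose local address is not loopback.
# Header lines and unrelated ports are skipped.
exposed_memcached_listeners() {
  awk '
    {
      local_addr = $5                       # "Local Address:Port" column
      n = match(local_addr, /:[0-9]+$/)     # position of the final ":port"
      if (n == 0) next                      # header or malformed line
      port = substr(local_addr, n + 1)
      addr = substr(local_addr, 1, n - 1)
      if (port != "11211") next
      # 127.0.0.0/8 and ::1 are loopback; both ss notations for ::1 are handled
      if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
      print $1, addr
    }'
}

# Constructed sample of `ss -lntu` output (not captured from a real host).
# UDP and TCP wildcard binds are the exposed cases; loopback binds are not.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:11211      0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:11211    0.0.0.0:*
udp   UNCONN 0      0      [::]:11211         [::]:*
udp   UNCONN 0      0      127.0.0.1:323      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

exposed=$(printf '%s\n' "$SAMPLE_SS" | exposed_memcached_listeners)
if [ -n "$exposed" ]; then
  echo "memcached is listening on non-loopback addresses:"
  printf '%s\n' "$exposed"
else
  echo "memcached listeners are loopback-only (or absent)"
fi
```

On a live host, run `ss -lntu | exposed_memcached_listeners`; empty output means nothing on port 11211 is bound outside loopback. This checks the bind address only and says nothing about whether a firewall also blocks the port.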