UPDATE: As of 2018-02-28, more attack using the memcached reflection vector have been unleashed on the Internet. Operators are asked to port filter (Exploitable Port Filters), rate limits the port 11211 UDP traffic (ingress and egress), and clean up any memcached exposed to the Internet (iptables on UNIX works). These mitigations should be on IPv4 and IPv6! There is not excuse for ISPs, Telcos, and other operators for not acting. NTT is an example of action. As stated by Job Snijders <job@ntt.net> on the NANOG List:
This post has been updated with recommendations. Check with your network vendors for deployment/configuration details.
|
Attachment:
signature.asc
Description: Message signed with OpenPGP