Date: Fri, 2 Mar 2018 12:44:28 +0100
From: Hanno Böck <>
Subject: memcached UDP amplification attacks


In the past days there have been reports about some DDoS attacks
abusing the memcached UDP protocol:

The issue: memcached has a UDP protocol that allows getting a much
larger reply than the query sent, thus allowing amplification attacks
with forged sender IPs.

Upstream memcached reacted by disabling the UDP-based protocol by
This is good, however one could argue that they should also default to
localhost only.

Most distros I checked right now default to enabling UDP, but
restricting connections to While this is not directly
vulnerable it's only a minor change away from being so. The memcached
announcement sounds like the UDP protocol is rarely used and should be
considered deprecated and replaced by the TCP-based one.

I recommend all distributions consider changing their defaults to
disabling the UDP-based memcached protocol by default.

Hanno Böck

GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
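
Added example, not part of Hanno's post: a small Python audit of a Debian-style memcached.conf that tells apart the three states the post describes (UDP disabled, UDP on but loopback-only, UDP reachable on a non-loopback address). The sample configs are constructed; the -U/-l handling follows memcached's documented options, and because the build's UDP default changed upstream, that default is passed in explicitly rather than guessed.

```python
"""Classify a memcached.conf-style config by its UDP amplification exposure."""
import ipaddress
import shlex

# Constructed sample configs (not taken from any real host). One option per
# line, '#' comments, as in Debian's /etc/memcached.conf.
EXPOSED_CONF = "# constructed sample\n-m 64\n-p 11211\n-u memcache\n-l 0.0.0.0\n"
LOCALHOST_CONF = "-p 11211\n-U 11211\n-l 127.0.0.1\n"
HARDENED_CONF = "-p 11211\n-U 0\n-l 127.0.0.1\n"


def parse_conf(text):
    """Return (udp_port or None if -U absent, list of -l addresses)."""
    udp_port, listen = None, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments / blanks
        if not line:
            continue
        parts = shlex.split(line)
        flag, args = parts[0], parts[1:]
        if flag.startswith("--") and "=" in flag:  # --udp-port=0 form
            flag, value = flag.split("=", 1)
            args = [value] + args
        if flag in ("-U", "--udp-port"):
            udp_port = int(args[0])
        elif flag in ("-l", "--listen"):          # comma-separated list allowed
            listen.extend(a.strip() for a in args[0].split(","))
    return udp_port, listen


def is_loopback(addr):
    """True for 127.x / ::1 / localhost; accepts addr, addr:port, [v6]:port."""
    host = addr
    if host.startswith("["):
        host = host[1:host.index("]")]
    elif host.count(":") == 1:                     # IPv4 with port suffix
        host = host.split(":")[0]
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"


def assess(text, udp_on_by_default):
    """udp_on_by_default mirrors the build's -U default when -U is absent
    (True for builds that predate upstream's change, False afterwards)."""
    udp_port, listen = parse_conf(text)
    udp_enabled = udp_port > 0 if udp_port is not None else udp_on_by_default
    if not udp_enabled:
        return "ok: UDP disabled"
    if listen and all(is_loopback(a) for a in listen):
        return "warn: UDP on, loopback only (one -l change from an amplifier)"
    return "exposed: UDP reachable on a non-loopback address"
```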
