Package: memcached
Version: 1.4.33-1

Memcached is currently involved in some massive ddos attacks, see e.g.:

The UDP protocol of memcached can be abused for very effective DDoS
amplification attacks and should therefore be considered dangerous.
Upstream memcached has reacted to this by disabling UDP by default:

In Debian memcached by default only listens to, but enables
UDP. While the localhost-only protects default settings, it's still
only a minor change away from creating an effective DDoS tool for a
protocol that is hardly in use today. I recommend that you backport
the upstream change and disable UDP by default.

Reply via email to