On 03/01/2018 02:55 PM, Royce Williams wrote:
> Upstream, until two days ago, the default was to listen on all interfaces.
> The package maintainers were (thankfully) injecting additional sanity.
Yes, they did, in commit dbb7a8af. Here is the commit comment:
disable UDP port by default
As reported, UDP amplification attacks have started to use insecure
internet-exposed memcached instances. UDP used to be a lot more popular as a
transport for memcached many years ago, but I'm not aware of many recent
Ten years ago, the TCP connection overhead from many clients was relatively
high (dozens or hundreds per client server), but these days many clients are
batched, or use fewer processes, or simply aren't worried about it.
While changing the default to listen on localhost only would also help, the
true culprit is UDP. There are many more use cases for using memcached over
the network than there are for using the UDP protocol.
--------------------------------- memcached.c ---------------------------------
index 88a5f2e..7178666 100644
But then you look at the changes in that commit: what makes this a
less-than-ideal change is that they didn't modify the default
configuration file to include "-U 0".
By defaulting their settings.udpport to zero in the C code, they
stop-punch the astonishment factor. By not changing the distribution
sysconfig file, though, they open a pitfall for those people who use
UDP. The problem? They could have put a warning in the default file so
that people who add OPTIONS="-U 11211" would be told to firewall that UDP
port from the public internet at large.
(Then there is the case of people deploying memcached in the cloud,
which would incur additional difficulties. But that's another argument...)