Public bug reported:

Memcached is currently involved in some massive DDoS attacks, see e.g.:
https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/

The UDP protocol of memcached can be abused for very effective DDoS 
amplification attacks and should therefore be considered dangerous.
Upstream memcached has reacted to this by disabling UDP by default:
https://github.com/memcached/memcached/wiki/ReleaseNotes156

In Ubuntu memcached by default only listens on 127.0.0.1, but enables
UDP. While the localhost-only binding protects default settings, it's still only
a minor change away from creating an effective DDoS tool for a protocol
that is hardly in use today. I recommend that Ubuntu backports the
upstream change and disables UDP by default.

** Affects: memcached (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1752831

Title:
  memcached should disable UDP by default
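
The "one minor change away" condition described in the report can be checked from a memcached options file. The following is an added example, not code from the bug report, Ubuntu or memcached. It assumes a one-option-per-line file using only the short options `-l`, `-U` and `-p`, and that builds older than the upstream change start UDP on the TCP port unless `-U 0` is set (modelled by the hypothetical `udp_default_on` parameter); both sample configs are constructed.

```python
import shlex

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_conf(text):
    """Parse one-option-per-line memcached config text into {flag: value}."""
    opts = {}
    for raw in text.splitlines():
        parts = shlex.split(raw, comments=True)  # drops '# ...' comments
        if parts:
            opts[parts[0]] = parts[1] if len(parts) > 1 else True
    return opts

def udp_exposure(text, udp_default_on=True):
    """Classify a config as 'udp-off', 'udp-local-only' or 'udp-exposed'.

    udp_default_on=True models a build without the upstream default change
    (assumption: UDP follows the TCP port unless -U is given).
    """
    opts = parse_conf(text)
    if "-U" in opts:
        udp_port = int(opts["-U"])
    elif udp_default_on:
        udp_port = int(opts.get("-p", 11211))
    else:
        udp_port = 0
    if udp_port == 0:
        return "udp-off"
    listen = opts.get("-l")
    hosts = listen.split(",") if isinstance(listen, str) else []
    # No -l at all means memcached binds every interface.
    if hosts and all(h.strip() in LOOPBACK for h in hosts):
        return "udp-local-only"
    return "udp-exposed"

# Constructed sample: loopback-only listener, UDP left at its old default.
LOCAL_ONLY = "-d\n-m 64\n-p 11211\n-u memcache\n-l 127.0.0.1\n"
# Constructed sample: the same file after the listen address is changed.
ONE_CHANGE = LOCAL_ONLY.replace("-l 127.0.0.1", "-l 0.0.0.0")
# Constructed sample: same wide listener, but UDP explicitly disabled.
HARDENED = ONE_CHANGE + "-U 0  # disable UDP listener\n"

if __name__ == "__main__":
    for name, conf in [("local", LOCAL_ONLY), ("changed", ONE_CHANGE),
                       ("hardened", HARDENED)]:
        print(name, udp_exposure(conf))
```

Passing `udp_default_on=False` evaluates the same file against a build that carries the upstream default, which shows what the requested backport would change without touching the config.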
