After reading about Github DDoS incident <https://githubengineering.com/ddos-incident-report/> I found out more about on this Cloudflare post <https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/> where states:
echo -en "\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n" | nc -q1 -u 127.0.0.1 11211 If you see non-empty response (like the one above), your server is vulnerable.
And it is, but testing from outside: nmap *TARGET* -p 11211 -sU -sS --script memcached-info in my case (a Koha fresh install with memcached) ports are closed/filtered, seems secure because of the firewall and this line on default /etc/memcached.conf # Specify which IP address to listen on. The default is to listen on all IP addresses # This parameter is one of the only security measures that memcached has, so make sure # it's listening on a firewalled interface. -l 127.0.0.1 So nothing to worry about, right? Regards, Pablo