[Koha] DDoS attack on memcached

Chris Cormack chrisc at catalyst.net.nz
Thu Mar 1 07:47:15 NZDT 2018


That will work, however unless you have configured your memcached server to listen on an external IP it will only be listening on localhost. It's worth checking both though.

Chris 

On 1 March 2018 2:55:56 AM NZDT, Mark Alexander <marka at pobox.com> wrote:
>Apparently, a bug in memcached (which we use in Koha) causes it to be
>used an intermediary in a DDoS attack:
>
>https://arstechnica.com/information-technology/2018/02/in-the-wild-ddoses-use-new-way-to-achieve-unthinkable-sizes/
>
>I'm not an expert on this kind of thing by any means, but judging
>from this:
>
>  https://github.com/memcached/memcached/wiki/ReleaseNotes156
>
>It seems that we can disable the attack by preventing memcached from
>listening on a UDP port.  I was able to do this by adding the
>following lines to /etc/memcached.conf:
>
>  # Disable UDP
>  -U 0
>
>Then restarted memcached and apache2.
>
>My questions for the experts: Is this the correct approach?  Is it even
>necessary?
>Is there more we should do?
>_______________________________________________
>Koha mailing list  http://koha-community.org
>Koha at lists.katipo.co.nz
>https://lists.katipo.co.nz/mailman/listinfo/koha

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


More information about the Koha mailing list