[Koha] DDoS attack on memcached
Chris Cormack
chrisc at catalyst.net.nz
Thu Mar 1 07:47:15 NZDT 2018
That will work, however unless you have configured your memcached server to listen on an external IP it will only be listening on localhost. It's worth checking both though.
Chris
On 1 March 2018 2:55:56 AM NZDT, Mark Alexander <marka at pobox.com> wrote:
>Apparently, a bug in memcached (which we use in Koha) causes it to be
>used an intermediary in a DDoS attack:
>
>https://arstechnica.com/information-technology/2018/02/in-the-wild-ddoses-use-new-way-to-achieve-unthinkable-sizes/
>
>I'm not an expert on this kind of thing by any means, but judging
>from this:
>
> https://github.com/memcached/memcached/wiki/ReleaseNotes156
>
>It seems that we can disable the attack by preventing memcached from
>listening on a UDP port. I was able to do this by adding the
>following lines to /etc/memcached.conf:
>
> # Disable UDP
> -U 0
>
>Then restarted memcached and apache2.
>
>My questions for the experts: Is this the correct approach? Is it even
>necessary?
>Is there more we should do?
>_______________________________________________
>Koha mailing list http://koha-community.org
>Koha at lists.katipo.co.nz
>https://lists.katipo.co.nz/mailman/listinfo/koha
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
More information about the Koha
mailing list