I suppose that the use of this flush_all command is a bit like going on to a neighbour's property to put out a fire started by an unattended BBQ that's grown big enough to be threatening one's own. That is, the neighbour almost certainly will be grateful.
Cavalry riding to the rescue of DDoS-deluged memcached users
DDoS attacks taking advantage of ill-advised use of memcached have begun to decline, either because sysadmins are securing the process, or because people are using a potentially-troublesome “kill switch”. Memcached is a handy caching tool that can improve database performance but has no security controls because it was never …
COMMENTS
Monday 12th March 2018 07:07 GMT Voland's right hand
That is, the neighbour almost certainly will be grateful.
Not necessarily. ~10 years ago the kids next door successfully spilled petrol while siphoning it out of dad's Nissan to fill up their motorcycles. Then they somehow managed to set it on fire. I got there just in time with a fire extinguisher to put it out. A few more seconds and it would have made a very nice kaboom - the lids on the car tank and the motorcycle tank were still off with the fire burning nicely under the car. I put it out and left it at that. They gave me "the evil eye" for the next 5 years until the whole family moved out (by that time one of the kids had fledged and left).
Coming back to memcached - if you have someone antisocial enough to leave it in this state after all the publicity you should not expect him to react sanely after you issue the equivalent of "drop database" on him.
Monday 12th March 2018 07:29 GMT tip pc
What’s the difference
What’s the difference between someone causing your machine to send some traffic to a remote target consuming some bandwidth that you don’t notice and someone sending commands to your machine intentionally causing it to dramatically slow down?
You can guarantee all those that had no clue their machines were involved in DDoS would be hugely pissed to find their machines now under attack from do-gooders. You'll find out how grateful they are when you get a visit from the police, or, if you're in the US and lucky, the FBI break down your door; otherwise the local police come in guns blazing, shooting first and asking questions later.
Monday 12th March 2018 17:49 GMT Ilsa Loving
Resp
>I suppose that the use of this flush_all command is a bit like going on to a neighbour's property to put out a fire started by an unattended BBQ that's grown big enough to be threatening one's own. That is, the neighbour almost certainly will be grateful.
I still remember when, a long time ago, a neighbour got his internet shut down because he had been infected with spam-spewing malware. While I was troubleshooting exactly what was going on, he fumed about how none of this was his fault or his responsibility and his ISP should have protected him.
I told him his only option was to reformat his hard drive and there was nothing else I could do. I sure as hell wasn't going to help him for free.
So yeah, don't count on people stupid enough to set up an unsecured and unpatched memcached server to be thankful that their incompetence was called out.
Simple rules for setting up a server on the internet:
-Is it a backend server? Put it behind a firewall and set up network ACLs to restrict access to minimum required to function.
-does it assist a front-end server? Put it behind a firewall and set up network ACLs to restrict access to minimum required to function.
-Is it a front-end server? Put it behind a firewall, poke one hole in it and set up network ACLs to restrict access to the minimum required to function. AND also restrict public URLs to only the ones the public should use, if your server provides separate maintenance/admin URLs.
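As an added example (not code from the article or from any commenter), here is what those rules come down to for the memcached case the article is about: a chain that lets only named application hosts reach the cache port over TCP, drops all UDP to it (the protocol abused for amplification), and the daemon invocation that should go with it. The cache and client addresses are hypothetical; the script prints the iptables commands for review rather than running them.

```shell
#!/bin/sh
# Added example, not from the article or any commenter. Emits the iptables
# commands that restrict a memcached listener to a fixed set of clients and
# drop everything else, including all UDP. Addresses below are hypothetical.
# Output is printed rather than executed so it can be reviewed first; run the
# printed commands as root to apply them.

# memcached_rules PORT CLIENT... -> prints one iptables command per line
memcached_rules() {
    port="$1"
    shift
    # Dedicated chain so the cache rules can be flushed and reloaded on their own
    echo "iptables -N MEMCACHED"
    # Send everything aimed at the cache port, TCP or UDP, through the chain
    echo "iptables -A INPUT -p tcp --dport $port -j MEMCACHED"
    echo "iptables -A INPUT -p udp --dport $port -j MEMCACHED"
    # Local processes may always talk to the cache
    echo "iptables -A MEMCACHED -i lo -j ACCEPT"
    # Only the listed application hosts, and only over TCP
    for client in "$@"; do
        echo "iptables -A MEMCACHED -p tcp -s $client -j ACCEPT"
    done
    # Everything else (all UDP, and TCP from unknown hosts) is dropped
    echo "iptables -A MEMCACHED -j DROP"
}

# memcached_cmdline BIND_ADDR PORT -> the daemon invocation to pair with the
# firewall rules: -l binds to a single address instead of 0.0.0.0, -U 0 turns
# the UDP listener off entirely (memcached 1.5.6 and later default to that,
# older builds do not, so set it explicitly).
memcached_cmdline() {
    echo "memcached -l $1 -p $2 -U 0"
}

# Example with hypothetical addresses: cache on 10.0.0.1, two app servers
memcached_rules 11211 10.0.0.5 10.0.0.6
memcached_cmdline 10.0.0.1 11211
```

Bind address and firewall are belt and braces: if the daemon is started with the default `-l` it listens on every interface, and the chain is the only thing between it and the internet, so keep both and check with `iptables -L MEMCACHED -n` after loading.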
Monday 12th March 2018 17:16 GMT Claptrap314
Re: Auto responders
The first guy to propose that got a visit from the FBI that resulted in him rolling up what to that point had been his livelihood. According to him, the FBI's real concern (which they did not explicitly state) appeared to involve the fact that at the time (mid-to-late nineties) that the NSA & the Chinese were in a daily competition to see who could do more hacking.
So, no. Computer hacking is on the list of rights exclusive to the State here in the US.
Monday 12th March 2018 14:13 GMT yoganmahew
Re: Slow?
@Brian
"It doesn't take that long to write good iptables rules."
You, my friend, have never worked for an enterprise! Useful work is measured in minutes of the day. Documentation, process, stories, agile-me-hole, fills the remainder of the week/month/quarter before you get through six sign-off milestones to production.