[packages/memcached] disable udp in default config to avoid memcrashed aplification attacks
glen
glen at pld-linux.org
Fri Dec 28 10:25:06 CET 2018
commit 528eaeb2196d4f7bff22b6a0b90447ed75cfcbcb
Author: Elan Ruusamäe <glen at pld-linux.org>
Date: Fri Dec 28 11:18:42 2018 +0200
disable udp in default config to avoid memcrashed aplification attacks
https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/
memcached.sysconfig | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
---
diff --git a/memcached.sysconfig b/memcached.sysconfig
index 4157db1..089e9bf 100644
--- a/memcached.sysconfig
+++ b/memcached.sysconfig
@@ -19,7 +19,10 @@ SERVICE_RUN_NICE_LEVEL="+0"
LISTEN="127.0.0.1:11211"
# other options not defined earlier
-#MEMCACHED_OPTS=""
+
+# -U 0 to disable UDP listen:
+# https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/
+MEMCACHED_OPTS="-U 0"
# Set ulimit at least as high as MAXCONN
#SERVICE_LIMITS="-n $MAXCONN"
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/memcached.git/commitdiff/528eaeb2196d4f7bff22b6a0b90447ed75cfcbcb
More information about the pld-cvs-commit
mailing list