We are seeing plenty of news coverage about these huge DDoS attacks originating from memcached servers that are exposed to the open Internet.
memcached is sometimes used to speed up performance for MySQL servers, reducing the need to go to disk for repetitive data lookups.
So the question is: How to safely run memcached in Ubuntu?
In the past, UDP access was traditionally the way to access memcache database information because it was faster than TCP.
UDP is not guaranteed-delivery, though, and overall throughput is faster these days, so the developers switched to TCP and introduced an authentication mechanism to prevent undesired traffic from overloading the servers.
However, they did not similarly secure the UDP access mechanism, perhaps assuming nobody would use it.
With all the recent attention, this became a bug report:
Bug #1752831 memcached should disable UDP by default
and new versions will default to UDP being shut off.
Also, patches are now available to disable UDP in existing systems.
Many installations require thorough testing of new patches before releasing them to production systems, so it will be some time before each of the 100,000 or so public-facing memcached servers (as found on Shodan) is upgraded or patched. So, short of installing a patch which might have unknown effects, there is a simple way to shut it off safely in current installations.
Securing Memcached on Ubuntu and Debian Servers
Paraphrased excerpt:
In the /etc/memcached.conf file, append the following line:
This will not affect TCP access in any way, and does not require full-on testing of the new patch.
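As an added example (not code from the post or the linked article), here is a small Python audit of the Debian/Ubuntu memcached.conf format that reports whether the UDP listener is off and whether the daemon is bound to loopback only, and applies the fix the excerpt describes. It relies on memcached's own `-U <port>` (0 disables UDP) and `-l <addr>` options; the sample config is constructed.

```python
"""Audit /etc/memcached.conf (one daemon option per line, '#' comments)
for the two settings behind the amplification problem: UDP disabled
(-U 0) and the listener bound to a non-public address (-l)."""
from typing import Dict, List

# Constructed sample: a stock-looking config that still has UDP on
# and listens on every interface.
SAMPLE_CONF = """\
# memcached default config file
-d
logfile /var/log/memcached.log
-m 64
-p 11211
-u memcache
# -l 127.0.0.1
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_options(text: str) -> Dict[str, List[str]]:
    """Map each option (e.g. '-U', 'logfile') to the values given to it,
    in order; a bare flag such as '-d' maps to ''."""
    opts: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip comments and blanks
        if not line:
            continue
        parts = line.split(None, 1)
        opts.setdefault(parts[0], []).append(parts[1] if len(parts) > 1 else "")
    return opts


def audit(text: str) -> Dict[str, bool]:
    opts = parse_options(text)
    # The last -U / -l on the command line wins, so take the last value.
    # Assumption: an unpatched build defaults to UDP port 11211 and to
    # listening on all interfaces when the options are absent.
    udp_port = opts.get("-U", ["11211"])[-1]
    listen = opts.get("-l", ["0.0.0.0"])[-1]
    return {
        "udp_disabled": udp_port.strip() == "0",
        "listens_loopback_only": all(a.strip() in LOOPBACK for a in listen.split(",")),
    }


def disable_udp(text: str) -> str:
    """Append '-U 0' unless UDP is already disabled (idempotent)."""
    if audit(text)["udp_disabled"]:
        return text
    return text.rstrip("\n") + "\n# added: disable the UDP listener\n-U 0\n"
```

Binding to loopback (`-l 127.0.0.1`) on top of `-U 0` is what keeps the server off the open Internet entirely; the audit flags both.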