How can I secure an Open Memcached Server?

Memcached is a free & open source, distributed memory object caching system. It is an in-memory key-value store for small chunks of arbitrary data (strings, objects) from results of database calls, API calls, or page rendering.

How to secure Memcached

A Memcached report identifies hosts that have the Memcached key-value store running and accessible on the internet. Since this service does not allow authentication, any entity with access to the Memcached instance has full control over the key-value store, which can be exploited for DDoS attacks.

It's smart to change the firewall settings so that only trusted sources can connect to Memcached. The default port for Memcached is 11211/tcp. Once you've set up your firewall, run the following command to check whether the port is still open.

 

Example of an open Memcached server:

$ sudo nmap -sS -p 11211 -sV ip_address_here
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-09-16 15:13 CEST
Nmap scan report for xxxx.xxx.xxxx

Host is up (0.0072s latency).
PORT      STATE SERVICE   VERSION
11211/tcp open  memcached Memcached 1.4.4

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.89 seconds

 

How to close it?

Debian:

$ sudo ufw deny 11211

 

CentOS:

$ sudo firewall-cmd --zone=public --permanent --remove-port=11211/tcp
$ sudo firewall-cmd --reload
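
To re-check the port after applying the firewall rule, the following is an added example (not part of the original article): a Python check, run from a machine outside the firewall against your own server, that reports whether 11211/tcp is open, closed or filtered and which version answers. The function name check_memcached and the placeholder address 192.0.2.10 are assumptions made for this example.

```python
import socket
import sys

MEMCACHED_PORT = 11211  # default Memcached port named in the article


def check_memcached(host, port=MEMCACHED_PORT, timeout=3.0):
    """Return (state, version): state is 'open', 'closed' or 'filtered'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        raise  # a name-resolution failure says nothing about the firewall
    except ConnectionRefusedError:
        return ("closed", None)    # RST: nothing listening, or rule rejects
    except OSError:
        return ("filtered", None)  # timeout/unreachable: firewall drops it
    with sock:
        try:
            # "version" is a read-only command in the Memcached text protocol.
            sock.sendall(b"version\r\n")
            reply = sock.recv(128)
        except OSError:
            return ("open", None)  # port open, but no answer in time
    line = reply.split(b"\r\n", 1)[0].decode("ascii", "replace")
    if line.startswith("VERSION "):
        return ("open", line[len("VERSION "):])
    return ("open", None)          # something else is listening on the port


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address used as a placeholder.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    state, version = check_memcached(target)
    note = f" (Memcached {version} answers without authentication)" if version else ""
    print(f"{target}:{MEMCACHED_PORT} is {state}{note}")
    sys.exit(1 if state == "open" else 0)  # non-zero exit for monitoring jobs
```

A result of "filtered" or "closed" from an untrusted network means the rule is working; "open" means the port is still reachable from where the check was run.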