disable udp in default config to avoid memcrashed aplification attacks

author Elan Ruusamäe <glen@pld-linux.org>

Fri, 28 Dec 2018 09:18:42 +0000 (11:18 +0200)

committer Elan Ruusamäe <glen@pld-linux.org>

Fri, 28 Dec 2018 09:19:44 +0000 (11:19 +0200)
author Elan Ruusamäe <glen@pld-linux.org>
Fri, 28 Dec 2018 09:18:42 +0000 (11:18 +0200)
committer Elan Ruusamäe <glen@pld-linux.org>
Fri, 28 Dec 2018 09:19:44 +0000 (11:19 +0200)
diff --git a/memcached.sysconfig b/memcached.sysconfig

index 4157db19c942196adbe177a1a356a1354daa4404..089e9bf70c0a22f8209f54b97d74521ac2292c85 100644 (file)
--- a/memcached.sysconfig
+++ b/memcached.sysconfig
@@ -19,7 +19,10 @@ SERVICE_RUN_NICE_LEVEL="+0"
  LISTEN="127.0.0.1:11211"
  
  # other options not defined earlier
-#MEMCACHED_OPTS=""
+
+# -U 0 to disable UDP listen:
+#      https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/
+MEMCACHED_OPTS="-U 0"
  
  # Set ulimit at least as high as MAXCONN
  #SERVICE_LIMITS="-n $MAXCONN"
author	Elan Ruusamäe <glen@pld-linux.org>
	Fri, 28 Dec 2018 09:18:42 +0000 (11:18 +0200)
committer	Elan Ruusamäe <glen@pld-linux.org>
	Fri, 28 Dec 2018 09:19:44 +0000 (11:19 +0200)