The defaults for Zimbra seem to be to listen everywhere all the time. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Randy Bush" <randy@psg.com> To: "Christopher Morrow" <morrowc.lists@gmail.com> Cc: "North American Network Operators' Group" <nanog@nanog.org> Sent: Thursday, March 1, 2018 4:38:05 PM Subject: Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks
this is sort of why openbsd listens only on 127.0.0.1/::1 by default, right? it's the only sane choice for 'fresh out of the box' network daemons: "Yes, it's running, yes I can healthcheck it locally to prove it's running"
amidst all the hysterical pontification, i am having trouble finding any release which has, by default, a port 11211 listener on any interface. randy