On 28 Feb 2018, at 5:26, Ca By wrote:
Just udp.
This Arbor Threat Summary discusses the TCP issue, as well, FWIW: <https://www.arbornetworks.com/blog/asert/memcached-reflection-amplification-description-ddos-attack-mitigation-recommendations/> 'It should also be noted that memcached priming queries can also be directed towards TCP/11211 on abusable memcached servers. TCP is not currently considered a high-risk memcached reflection/amplification transport as TCP queries cannot be reliably spoofed.' We also recommend implementing situationally-appropriate network access policies at the IDC edge which disallow unwanted UDP/11211 as well as TCP/11211 from reaching abusable memcached deployments. ----------------------------------- Roland Dobbins <rdobbins@arbor.net>