Memcached 1.5.6 Release Notes
This is a bugfix release, but it primarily disables the UDP protocol by default.
In the last few days reports of UDP amplification attacks utilizing inesure
memcached instances have surfaced. Attackers are able to set large values into
memcached, then send requests via spoofed UDP packets. Memcached will then
send a very large number of very large UDP packets back in response.
12 years ago, the UDP version of the protocol had more widespread use: TCP
overhead could be very high. In the last few years, I’ve not heard of anyone
using UDP anymore. Proxies and special clients allow connection reuse, which
lowers the overhead. Also, RAM values are so large that TCP buffers just don’t
add up as much as they used to.
That said, I don’t have any way of knowing how many UDP installations there
are. Everyone who uses UDP and upgrades past this version, will find the UDP
protocol disabled unless they explicitly
Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/CRSoTzOhy1M/ReleaseNotes156