
Port 11211: Memcached

Open Memcached port detected on a publicly accessible host.

Severity: Critical | Port: 11211

What is Memcached?

Memcached is a high-performance, in-memory caching system used to speed up web applications by caching frequently accessed data (like database query results or API responses) in RAM. It listens on port 11211 and is designed for simplicity and speed.

Why this is a problem

Memcached has no authentication mechanism — anyone who can connect to port 11211 has full access to read, write, and delete cached data. Worse, exposed Memcached servers are commonly abused in DDoS amplification attacks. In 2018, Memcached amplification was used to launch the largest DDoS attack ever recorded at the time (1.7 Tbps). Attackers send small requests with a spoofed source IP, and Memcached responds with much larger payloads directed at the victim.

What you should do

  • Block port 11211 from the internet immediately
  • Bind Memcached to localhost or private network interfaces only (-l 127.0.0.1)
  • Disable the UDP protocol (-U 0) to prevent amplification attacks
  • Use firewall rules to restrict access to only the application servers that need it
  • Consider using a caching solution with authentication if multi-tenant access is needed
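
The binding and UDP items above can be checked mechanically. The following is an added example, not part of the original page or of any dnswatchdog tooling: it audits a memcached option file or command line for the `-l` and `-U` settings recommended here, also accepting the long forms `--listen` and `--udp-port`. The function names and the two sample configs are constructed for illustration.

```python
import ipaddress
import shlex

def option_value(tokens, short, long):
    """Return the value given for an option such as -l / --listen, or None."""
    value = None
    for i, tok in enumerate(tokens):
        if tok in (short, long) and i + 1 < len(tokens):
            value = tokens[i + 1]                # "-l 127.0.0.1"
        elif tok.startswith(long + "="):
            value = tok.split("=", 1)[1]         # "--listen=127.0.0.1"
        elif tok.startswith(short) and len(tok) > 2:
            value = tok[2:]                      # "-l127.0.0.1"
    return value

def audit_memcached_config(text):
    """Return a list of findings; an empty list means both checks passed."""
    tokens = shlex.split(text, comments=True)    # drops "# ..." comments
    findings = []
    listen = option_value(tokens, "-l", "--listen")
    if listen is None:
        findings.append("no -l option: listens on all interfaces")
    else:
        for addr in listen.split(","):           # -l accepts a comma-separated list
            host = addr.rsplit(":", 1)[0] if addr.count(":") == 1 else addr
            try:
                ip = ipaddress.ip_address(host.strip("[]"))
            except ValueError:
                findings.append(f"{addr}: not an IP literal, check manually")
                continue
            # 0.0.0.0 and :: mean "every interface", so test for them first.
            if ip.is_unspecified or not (ip.is_loopback or ip.is_private):
                findings.append(f"{addr}: not a loopback or private address")
    if option_value(tokens, "-U", "--udp-port") != "0":
        findings.append("UDP not explicitly disabled: add -U 0")
    return findings

# Constructed sample option files, one option per line.
EXPOSED = "-m 64\n-p 11211\n-u memcache\n-l 0.0.0.0\n"
HARDENED = "# constructed sample\n-m 64\n-p 11211\n-u memcache\n-l 127.0.0.1\n-U 0\n"

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit_memcached_config(conf) or "OK")
```

A clean result only covers the daemon's own options; the firewall rules in the list above still need to be verified separately.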
