The Shadowserver Foundation Memchached key-value Store Scanning Project
OVERVIEW
MEMCACHEDSCAN.SHADOWSERVER.ORG TRAFFIC
Date Range
Date Range
Date Range
LINKS TO WEBSITE
WHAT DOES MEMCACHEDSCAN.SHADOWSERVER.ORG LOOK LIKE?
MEMCACHEDSCAN.SHADOWSERVER.ORG SERVER
SERVER SOFTWARE
We identified that this website is implementing the Apache/2.4.18 (Ubuntu) server.SITE TITLE
The Shadowserver Foundation Memchached key-value Store Scanning ProjectDESCRIPTION
Open Memcached Key-Value Store Scanning Project. If you are looking at this page, then more than likely, you noticed a scan coming from this server across your network andor poking at the Memcached server service. This service does not support authentication which means any entity that can access the Memcached instance can have complete control over the key-value store. Memcached servers that we have found to be accessible have been incorporated into our reports. And are being reported on a daily basis.PARSED CONTENT
The website memcachedscan.shadowserver.org states the following, "Open Memcached Key-Value Store Scanning Project." I analyzed that the website said " If you are looking at this page, then more than likely, you noticed a scan coming from this server across your network andor poking at the Memcached server service." They also stated " This service does not support authentication which means any entity that can access the Memcached instance can have complete control over the key-value store. Memcached servers that we have found to be accessible have been incorporated into our reports. And are being reported on a daily basis."ANALYZE OTHER WEBSITES
Authentication is available for MongoDB, however, we have found that in the majority of installations authentication is not enabled. Without authentication, the MongoDB instance can be completely accessed by anyone. And are being reported on a daily basis.
Open MS-SQL Server Resolution Service Scanning Project. Servers that are configured this way have been incorporated into our reports. And are being reported on a daily basis.
Information on these vulnerable devices has been incorporated into our reports. And are being reported on a daily basis. For hints on decoding the response.
The Shadowserver Foundation is currently undertaking a project to search for publicly accessible devices that have NetBIOS running and answering Name Resolution queries. The goal of this project is to identify openly accessible NetBIOS services and report them back to the network owners for remediation.
As was recently reported by Trend Micro. Information on these vulnerable devices has been incorporated into our reports. And are being reported on a daily basis. We are querying all computers with routable IPv4 .