Are our FreePBX deployments affected by this new vulnerability?

Since the port in question is open on most of our firewalls since it’s in the RTP range?


mitigation-recommendations/

I can’t imagine this being a problem. Although the port is open, once the attacker’s probes fail to find a memcached server, they’ll go searching for the next victim. A few garbage packets shouldn’t cause you any trouble.

Unless you have a huge system, you could choose a narrower range of RTP ports if desired. IMO ten ports per active call is plenty.

Thx for the reply Stewart!

This is a sales pitch. Note all references are 6 to 10 years old and they sell a “DDoS” protection product. Feels like selling a Y2K patch in 2010.
