Hacker News
by manarth 3578 days ago
The services discussed - memcached, redis, etc - don't use HTTP. The attack is successful because the protocols follow the robustness principle of 'be liberal in what you accept', and simply ignore the HTTP cruft, but still process the command.

For example:

POST / HTTP/1.1 << Ignored

Host: localhost:6379 << Ignored

SET abc 123 << Processed

QUIT << Processed
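
Added example (not part of manarth's comment, and not Redis or memcached code): a toy line-based command handler in Python that runs the request above through a lenient parser, which skips the HTTP lines and still executes SET, and through a strict parser that closes the connection at the first HTTP-looking line. The handler, the regular expressions and the sample bytes are constructed for illustration.

```python
import re

# Constructed sample: the request from the comment above, as raw bytes on the wire.
CROSS_PROTOCOL_REQUEST = (
    b"POST / HTTP/1.1\r\n"
    b"Host: localhost:6379\r\n"
    b"\r\n"
    b"SET abc 123\r\n"
    b"QUIT\r\n"
)

# Heuristics for "this client is speaking HTTP" (assumed patterns, not from any real server).
HTTP_REQUEST_LINE = re.compile(rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS|PATCH) \S+ HTTP/\d\.\d$")
HTTP_HEADER_LINE = re.compile(rb"^[A-Za-z-]+: ")


def handle(stream: bytes, strict: bool):
    """Process one connection's bytes; return (store, list of (line, outcome))."""
    store, outcomes = {}, []
    for line in stream.split(b"\r\n"):
        if not line:
            continue  # blank line between HTTP headers and body
        parts = line.split()
        verb = parts[0].upper()
        if verb == b"SET" and len(parts) == 3:
            store[parts[1]] = parts[2]
            outcomes.append((line, "processed"))
        elif verb == b"QUIT":
            outcomes.append((line, "processed"))
            break
        elif strict and (HTTP_REQUEST_LINE.match(line) or HTTP_HEADER_LINE.match(line)):
            # Hardened behaviour: HTTP on this port is never legitimate, so
            # stop reading before any later line can be executed.
            outcomes.append((line, "connection closed"))
            break
        else:
            # Lenient behaviour: unknown line is skipped and parsing continues.
            outcomes.append((line, "ignored"))
    return store, outcomes


if __name__ == "__main__":
    for mode in (False, True):
        store, outcomes = handle(CROSS_PROTOCOL_REQUEST, strict=mode)
        print("strict" if mode else "lenient", store, outcomes)
```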