[unisog] Echo and Chargen

Valdis.Kletnieks at vt.edu
Tue Jan 21 22:20:49 GMT 2003


On Tue, 21 Jan 2003 11:48:18 PST, Steve VanDevender said:

> Well, according to /etc/services:
> 
> echo            7/tcp           
> echo            7/udp   
> chargen         19/tcp          ttytst
> chargen         19/udp          ttytst
> 
> These ports are frequently left open in the default inetd.conf in many
> operating systems, although it's been recommended to disable these for a
> long time now.  In particular the offering of the UDP versions of the
> services makes it easy to forge UDP packets to use systems that provide
> these services as reflectors for DoS attacks.

Or to DoS you trivially.  In the days before really good ingress/egress
filtering (which means, today too), you'd occasionally see somebody who
thought it was funny to send a forged packet:

source IP:    127.0.0.1
source port:          9   (discard)
source IP:    127.0.0.1
dest port:           19   (chargen)
dest IP:      insert victim here

Whee! Watch the CPU get toasty warm.....

Moral:  Don't accept packets with your loopback interface from any interface
except loopback.. ;)
-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech
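
Added example, not part of the original message: a small Python check that applies the moral above to logged packets, dropping any packet whose source is a loopback address but which arrived on a non-loopback interface. The log lines are constructed (key=value style, as in netfilter LOG output), the interface names are assumptions, and the second rule (UDP between two small-service ports) is an added assumption based on the ports named in the thread.

```python
import ipaddress
import re

# Small services named in the thread: echo and chargen from /etc/services,
# discard from the forged-packet description.
SMALL_SERVICES = {7: "echo", 9: "discard", 19: "chargen"}
LOOPBACK_IFACES = {"lo", "lo0"}  # assumption: names of the loopback interface

# Constructed sample lines; addresses are documentation ranges.
SAMPLE_LOG = """\
IN=eth0 SRC=127.0.0.1 DST=192.0.2.10 PROTO=UDP SPT=9 DPT=19
IN=lo SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=40000 DPT=19
IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=7 DPT=19
IN=eth0 SRC=198.51.100.8 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def verdict(line):
    """Return (action, reason) for one logged packet."""
    f = dict(FIELD.findall(line))
    src = ipaddress.ip_address(f["SRC"])
    sport, dport = int(f["SPT"]), int(f["DPT"])
    external = f["IN"] not in LOOPBACK_IFACES
    # The moral: a loopback source is only valid on the loopback interface.
    if src.is_loopback and external:
        return "drop", "loopback source on " + f["IN"]
    # Added assumption: no legitimate client sends UDP *from* a small-service
    # port *to* another one; such a packet makes two services answer each other.
    if (external and f["PROTO"] == "UDP"
            and sport in SMALL_SERVICES and dport in SMALL_SERVICES):
        return "drop", f"{SMALL_SERVICES[sport]} -> {SMALL_SERVICES[dport]} over UDP"
    return "accept", ""


def scan(log=SAMPLE_LOG):
    """Evaluate every non-empty log line and return the list of verdicts."""
    return [verdict(line) for line in log.splitlines() if line.strip()]


if __name__ == "__main__":
    for line, (action, reason) in zip(SAMPLE_LOG.splitlines(), scan()):
        print(f"{action:6} {reason:32} {line}")
```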
