[2161] in linux-security and linux-alert archive


[linux-security] Re: Port 7 scan

daemon@ATHENA.MIT.EDU (Trevor Johnson)
Thu Jun 10 01:46:04 1999

Date: Thu, 10 Jun 1999 00:19:30 -0400 (EDT)
From: Trevor Johnson <trevor@jpj.net>
To: "EW1 Coral J. Cook" <ccook@nosc.mil>
cc: linux-security@redhat.com
In-Reply-To: <000001beb28b$45c9bd80$3d96fdc6@fiwcdsd.navy.mil>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

> Over the last several days, we've been getting pretty regular scans from a
> nonexistent host on our port 7. Any idea what they are looking for/what are
> some of the vulnerabilities with echo?

Hi, Coral.  The problem is described at
http://www.netcraft.com/presentations/interop/dos.html:

   A stereotypical attack would involve sending a udp packet to the
   chargen port on a host with the packet's source port set to echo, and
   the source address set to localhost, broadcast, or the address of
   another host on the internet known to offer udp echo. Other udp
   services such as daytime (port 13) and time (port 37) might also be
   used as a basis for the attack.

Just comment out any unused services from your inetd.conf, send inetd
SIGHUP, and you should be fine.
__
Trevor Johnson
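
The following is an added example, not part of the original message: one way to carry out the "comment out unused services" step for the UDP services named in the quoted text (echo, chargen, daytime, time). The function names and the sample file are constructed for illustration; the script writes a new copy for review and does not touch the live configuration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-format file for active UDP entries of the
# services named in the quoted text, and write a copy with them commented out.
# Assumption: standard inetd.conf layout
#   service  socktype  proto  wait/nowait  user  server  [args...]
SMALL_SERVICES='echo|chargen|daytime|time'

# Print the service name of every active (uncommented) UDP small-service entry.
list_udp_small_services() {
    awk -v svc="^(${SMALL_SERVICES})\$" '
        /^[ \t]*#/ || NF < 6 { next }          # skip comments and malformed lines
        $1 ~ svc && $3 ~ /^udp/ { print $1 }' "$1"
}

# Write a copy of file $1 to $2 with those entries commented out.
# TCP entries and all other services are left as they are for manual review.
disable_udp_small_services() {
    awk -v svc="^(${SMALL_SERVICES})\$" '
        !/^[ \t]*#/ && NF >= 6 && $1 ~ svc && $3 ~ /^udp/ { print "#" $0; next }
        { print }' "$1" > "$2"
}

# Constructed sample configuration (not taken from any real host).
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
echo    stream  tcp     nowait  root    internal
echo    dgram   udp     wait    root    internal
chargen dgram   udp     wait    root    internal
#daytime dgram  udp     wait    root    internal
time    dgram   udp     wait    root    internal
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
EOF
}

# Usage: sh audit.sh /etc/inetd.conf /tmp/inetd.conf.new
# Review the new file, install it, then send inetd SIGHUP so it rereads it.
if [ "$#" -eq 2 ]; then
    echo "Active UDP small services in $1:"
    list_udp_small_services "$1"
    disable_udp_small_services "$1" "$2"
    echo "Edited copy written to $2"
fi
```
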
