[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

[linux-security] Re: Port 7 scan

From: Trevor Johnson <trevor jpj net>
To: "EW1 Coral J. Cook" <ccook nosc mil>
Cc: linux-security redhat com
Subject: [linux-security] Re: Port 7 scan
Date: Thu, 10 Jun 1999 00:19:30 -0400 (EDT)

> Over the last several day, we've been getting pretty regular scans from a
> non-existant host on our port 7. Any idea what they are looking for/what are
> some of vulnerabilites with echo?

Hi, Coral.  The problem is described at
http://www.netcraft.com/presentations/interop/dos.html:

   A stereotypical attack would involve sending a udp packet to the
   chargen port on a host with the packet's source port set to echo, and
   the source address set to localhost, broadcast, or the address of
   another host on the internet known to offer udp echo. Other udp
   services such as daytime (port 13) and time (port 37) might also be
   used as a basis for the attack.

Just comment out any unused services from your inetd.conf, send inetd
SIGHUP, and you should be fine.
__
Trevor Johnson

References:
- Port 7 scan
  - From: EW1 Coral J. Cook

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]