VID 11004
Severity 30
Port 7
Protocol TCP,UDP
Class DOS
Detailed Description The echo service is running.
Echo, chargen, time and daytime, or other combinations of UDP services, can be used in tandem to flood the server, an attack known as a UDP bomb or UDP packet storm.

For example, by connecting a host's chargen service to the echo service on the same or another machine, all affected machines may be effectively taken out of service because of the excessively high number of packets produced. In addition, if two or more hosts are so connected, the intervening network may also become congested and deny service to all hosts whose traffic traverses that network.

* References:
http://www.iss.net/security_center/static/44.php
Recommendation Disable the echo service:

For UNIX systems:
1. Comment out the echo entry in the /etc/inetd.conf file
2. Signal the inetd process to reread its configuration with the following command:
kill -HUP <inetd process id>

*Solaris 10 or later: Stop the echo service
svcadm disable svc:/network/echo:dgram
svcadm disable svc:/network/echo:stream

*Enterprise Linux 6.4, CentOS 6.4, Fedora 19:
Open /etc/xinetd.d/echo-dgram and /etc/xinetd.d/echo-stream, set disable=yes in each, and then restart xinetd.
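
To confirm that the UNIX steps above took effect, the following check can be run. It is an added example, not part of the original advisory; the function names are hypothetical and the sample files are constructed for the demo. On a real host, pass /etc/inetd.conf and /etc/xinetd.d as the two arguments.

```shell
#!/bin/sh
# Added example: audit inetd/xinetd configuration for an enabled echo service.
# Function names are hypothetical; config paths are passed as arguments.

# Succeeds if FILE has an active (uncommented) echo entry.
inetd_echo_enabled() {
    [ -r "$1" ] && grep -Eq '^[[:space:]]*echo[[:space:]]' "$1"
}

# Succeeds if the xinetd service FILE exists and is not set to disable = yes.
# Conservative: a file with no "disable = yes" line is reported as enabled.
xinetd_echo_enabled() {
    [ -r "$1" ] || return 1
    ! grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes([[:space:]]|$)' "$1"
}

# audit_echo INETD_CONF XINETD_DIR
# Prints one line per finding; exit status is the number of findings.
audit_echo() {
    conf=$1 xdir=$2 findings=0
    if inetd_echo_enabled "$conf"; then
        echo "ENABLED: active echo entry in $conf"
        findings=$((findings + 1))
    fi
    for f in "$xdir/echo-dgram" "$xdir/echo-stream"; do
        if xinetd_echo_enabled "$f"; then
            echo "ENABLED: $f is not set to disable = yes"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Demo on constructed sample files, not real system configuration.
demo=$(mktemp -d)
printf '%s\n' '#echo stream tcp nowait root internal' \
              'echo dgram udp wait root internal' > "$demo/inetd.conf"
printf 'service echo\n{\n\tdisable = no\n}\n'  > "$demo/echo-dgram"
printf 'service echo\n{\n\tdisable = yes\n}\n' > "$demo/echo-stream"
audit_echo "$demo/inetd.conf" "$demo" || echo "findings: $?"
rm -rf "$demo"
```

A commented-out inetd entry and a missing xinetd file are both treated as "not enabled", so a fully remediated host yields exit status 0.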

For Windows NT systems:
1. Open the Services control panel. From the Windows NT Start menu, select Settings --> Control Panel and Services.
2. Select the Simple TCP/IP Services service and click Stop from the context menu.
3. Click Startup.
4. To permanently stop all Simple TCP/IP services, click Disabled.

For Windows 2000 systems:
1. Open the Services control panel. From the Windows 2000 Start menu, select Settings --> Control Panel --> Administrative tools and Services.
2. Right-click on the Simple TCP/IP Services and choose Stop from the context menu.
3. Right-click on the Simple TCP/IP Services and choose Properties from the context menu.
4. Go to Startup. To permanently stop all Simple TCP/IP services, click Disabled.

* Windows XP, 2003, Vista, 7, 2008, 10, 2016, 2019
1. Start menu, select Run and then execute services.msc
2. Right-click on the Simple TCP/IP Services and choose Stop from the context menu.
3. Right-click on the Simple TCP/IP Services and choose Properties from the context menu.
4. Go to Startup. To permanently stop all Simple TCP/IP services, click Disabled.

* Windows 8, 2012
1. Open the Charms bar and select Search, type services.msc, and click OK. (The focus is the local computer by default.)
2. Right-click on the Simple TCP/IP Services and choose Stop from the context menu.
3. Right-click on the Simple TCP/IP Services and choose Properties from the context menu.
4. Go to Startup. To permanently stop all Simple TCP/IP services, click Disabled.

-- OR --

If you only want to disable the echo service:
1. Open the registry editor. From the Windows NT/2000 Start menu, select Run. Type regedt32 and click OK.
2. Select the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SimpTcp\Parameters key.
3. Set EnableTcpEcho and EnableUdpEcho to 0.
4. Restart the Simple TCP/IP service.
Related URL CVE-1999-0635,CVE-1999-0103 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)