VID: 11005
Severity: 30
Port: 37
Protocol: TCP, UDP
Class: DOS

Detailed Description:
The time service is running.
Echo, chargen, time and daytime, or other combinations of UDP services, can be used in tandem to flood the server, an attack also known as a UDP bomb or UDP packet storm.

For example, by connecting a host's chargen service to the time service on the same or another machine, all affected machines may be effectively taken out of service because of the excessively high number of packets produced. In addition, if two or more hosts are so connected, the intervening network may also become congested and deny service to all hosts whose traffic traverses that network.

* References:
http://www.iss.net/security_center/static/36.php
Recommendation:
We recommend taking all the steps described below.

1. Disable and filter the chargen and echo services and any other unused UDP services.
2. If you must provide external access to some UDP services, consider using a proxy mechanism to protect that service from misuse.

* Solaris 10, Solaris 11:
svcadm disable svc:/network/time:dgram
svcadm disable svc:/network/time:stream

* Enterprise Linux 6.4, CentOS 6.4, Fedora 19:
Open /etc/xinetd.d/time-dgram and /etc/xinetd.d/time-stream, set disable=yes in each file, and then restart xinetd.
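
A check for the xinetd step above, as an added example that is not part of the original advisory: it lists the echo, chargen, time and daytime service files in an xinetd.d directory whose disable attribute is not yes. The file names other than time-dgram and time-stream, the constructed sample directory, and the treatment of a missing disable line as "enabled" are assumptions.

```shell
#!/bin/sh
# Added example: audit xinetd service files for the small services named in
# this entry (echo, chargen, time, daytime).

# list_enabled DIR
# Prints the base name of every matching service file in DIR whose effective
# "disable" attribute is not "yes". Assumption: a file with no uncommented
# "disable" line counts as enabled.
list_enabled() {
    dir=$1
    for f in "$dir"/echo-* "$dir"/chargen-* "$dir"/time-* "$dir"/daytime-*; do
        [ -f "$f" ] || continue          # unmatched glob or not a regular file
        # Skip comment lines, keep the value of the last "disable = ..." line.
        val=$(awk -F= '
            /^[ \t]*#/ { next }
            $1 ~ /^[ \t]*disable[ \t]*$/ { gsub(/[ \t]/, "", $2); v = $2 }
            END { print v }' "$f")
        [ "$val" = "yes" ] || basename "$f"
    done
}

# make_sample DIR
# Writes constructed sample files (not taken from a real host) into DIR.
make_sample() {
    printf 'service time\n{\n\ttype = INTERNAL\n\tdisable = yes\n}\n' > "$1/time-stream"
    printf 'service time\n{\n\ttype = INTERNAL\n\tdisable = no\n}\n' > "$1/time-dgram"
    # "disable" is commented out here, so the service stays enabled.
    printf 'service chargen\n{\n\ttype = INTERNAL\n\t# disable = yes\n}\n' > "$1/chargen-dgram"
    printf 'service echo\n{\n\tdisable\t\t= yes\n}\n' > "$1/echo-dgram"
}

# Demonstration on the constructed sample. On a real host, run
# list_enabled /etc/xinetd.d instead.
sample=$(mktemp -d)
make_sample "$sample"
echo "Small services still enabled in sample directory:"
list_enabled "$sample"
rm -rf "$sample"
```

An empty list means every matching file has disable set to yes; xinetd still has to be restarted for the change to take effect.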