From: ewb@zygaena.com
Date: Sun, 25 Feb 1996 17:18:39 -0500 (EST)
Message-Id: <199602252218.RAA00532@lochsa.i.com>
To: freebsd-security@freebsd.org
Subject: Re: Alert: UDP Port Denial-of-Service Attack (fwd)

>> UDP is, at present, the only thing impacted.  It only takes one rogue
>> packet to set them jabbering at each other (which is one reason we
>> don't allow any IP packets with "src" of one of our netblock through
>> our firewall).
>
>Of course, that doesn't help you if the forged source is on someone
>else's network...

Depends on whether you have a packet filter or firewall that blocks these
"services" - or UDP in general except perhaps for 53. All depends on your
stance. Mr. Wollman at MIT has to be concerned since his academic network
is probably pretty open. Most ISPs could block these UDP services into
(and out of) their local LANs, but a disgruntled user could still cause
problems.

But of course the problem is nicely solved within inetd (as has been
pointed out I believe):

from FreeBSD inetd(8):

     All of these services are available in both TCP and UDP versions;
     the UDP versions will refuse service if the request specifies a reply
     port corresponding to any internal service.  (This is done as a defense
     against looping attacks;

If we have Mr. Wollman to thank for this - Bravo!

Solaris 2.4 and SunOS 4.1.4 DO NOT have this note in the inetd man pages -
and thus I presume they are vulnerable. Don't know about other un*xen.

--
Will Brown    ewb@zygaena.com
Zygaena Network Services
http://www.zygaena.com
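
The check described in the inetd(8) excerpt quoted in the message above, as an added sketch that is not part of the original post and is not inetd's own source: it refuses to answer when the reply port is an internal service, and a small in-memory model (no network I/O) counts the replies exchanged with and without that check. Assumptions: the function names are hypothetical, "internal service" is taken to mean the standard UDP ports for echo, discard, daytime, chargen and time, and only echo and chargen are modelled as answering every datagram.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Assumed set of "internal" UDP services: echo, discard, daytime, chargen, time. */
static const uint16_t internal_ports[] = { 7, 9, 13, 19, 37 };

/* Returns 1 if a reply to this peer would land on an internal service port. */
int reply_port_is_internal(const struct sockaddr_in *peer)
{
    uint16_t port = ntohs(peer->sin_port);
    for (size_t i = 0; i < sizeof internal_ports / sizeof internal_ports[0]; i++)
        if (port == internal_ports[i])
            return 1;
    return 0;
}

/* Model only: a datagram from src_port arrives at dst_port; echo (7) and
 * chargen (19) answer every datagram, and each answer becomes the next
 * datagram in the opposite direction. Returns replies sent, stopping at cap. */
int replies_sent(uint16_t src_port, uint16_t dst_port, int guarded, int cap)
{
    int replies = 0;
    while (replies < cap && (dst_port == 7 || dst_port == 19)) {
        struct sockaddr_in peer = { .sin_family = AF_INET, .sin_port = htons(src_port) };
        if (guarded && reply_port_is_internal(&peer))
            break;                      /* refuse service: the loop never starts */
        replies++;
        uint16_t tmp = src_port;        /* the reply travels back the other way */
        src_port = dst_port;
        dst_port = tmp;
    }
    return replies;
}

int main(void)
{
    /* Constructed cases: a request whose reply port is an internal service,
     * and an ordinary client on an ephemeral port. */
    printf("reply port 7, no check:   %d replies (cap)\n", replies_sent(7, 19, 0, 1000));
    printf("reply port 7, with check: %d replies\n", replies_sent(7, 19, 1, 1000));
    printf("client port 40000, check: %d reply\n", replies_sent(40000, 7, 1, 1000));
    return 0;
}
```

In a real server the same predicate would be applied to the address filled in by recvfrom() before any sendto(); an ordinary client on an ephemeral port is unaffected by it.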