Date: Mon, 26 Feb 1996 13:10:47 -0800 (PST)
From: Nathan Lawson <nlawson@kdat.csc.calpoly.edu>
To: wollman@lcs.mit.edu (Garrett A. Wollman)
Cc: security@freebsd.org
Subject: Re: Alert: UDP Port Denial-of-Service Attack (fwd)
Message-ID: <199602262110.NAA13050@kdat.calpoly.edu>
In-Reply-To: <9602251821.AA15742@halloran-eldar.lcs.mit.edu> from "Garrett A. Wollman" at Feb 25, 96 01:21:16 pm

> > <<On Fri, 23 Feb 1996 21:37:20 -0700, Warner Losh <imp@village.org> said:
>
> > You'd not have these services :-) Usually the daytime service can be
> > moderately useful, since it doesn't suffer from the bombing problems
> > (sure, you can get it to generate a packet, but it will be only
> > one).
>
> However, it is trivial to get the daytime service to ping-pong with
> the echo service. Same thing for the chargen service (don't know what
> purpose that serves...)

Another attack that would possibly work is that you could send a packet to
the daytime port from the broadcast address. I believe that most modern
systems (including FreeBSD) will need the socket to have SO_BROADCAST set so
this most likely won't succeed.

However, I believe that if a service is for network testing, then why have
it enabled by default? What percentage of traffic on your average net is to
the chargen port as opposed to say, telnet and smtp? It can possibly hurt
things, it doesn't necessarily help much, so leave it off by default.

> > UDP is, at present, the only thing impacted. It only takes one rogue
> > packet to set them jabbering at each other (which is one reason we
> > don't allow any IP packets with "src" of one of our netblock through
> > our firewall).
>
> Of course, that doesn't help you if the forged source is on someone
> else's network...

Be kind to your neighbors. Block outgoing spoofed source addresses as well as
incoming.

-- 
Nate Lawson   \Yeah, I was dreaming through the 'howzlife', yawning, car black,
CS-EE double  \when she told me 'mad and meaningless as ever...' and a song
major,        \came on the radio like a cemetery rhyme for a million crying
unaccredited  \corpses in their tragedy of respectable existence. - BR
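
Added example, not part of the original message or of FreeBSD: a Python model of the border filtering discussed in the thread (drop inbound packets with an internal source, drop outbound packets with a foreign source, reject broadcast sources), plus one check added here for packets whose source and destination ports are both small services. The netblock 192.0.2.0/24, the Packet tuple, verdict(), run_samples() and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed values: documentation netblock (RFC 5737) standing in for "our" network.
OUR_NET = ipaddress.ip_network("192.0.2.0/24")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
# UDP small services named in the thread; each answers any datagram it receives.
SMALL_SERVICES = {7: "echo", 13: "daytime", 19: "chargen"}

Packet = namedtuple("Packet", "direction src sport dst dport")

def verdict(pkt, our_net=OUR_NET):
    """Return (action, reason) for one UDP packet crossing the border router."""
    src = ipaddress.ip_address(pkt.src)
    # A broadcast address is never a legitimate source.
    if src == LIMITED_BROADCAST or src == our_net.broadcast_address:
        return ("drop", "broadcast-source")
    inside = src in our_net
    # Inbound packet claiming one of our own addresses: forged.
    if pkt.direction == "in" and inside:
        return ("drop", "spoofed-internal")
    # Outbound packet with a source that is not ours: forged by one of our hosts.
    if pkt.direction == "out" and not inside:
        return ("drop", "spoofed-foreign")
    # Source and destination are both auto-answering services, so the reply
    # would itself be answered. Address filters miss this when the forged
    # source belongs to someone else's network.
    if pkt.sport in SMALL_SERVICES and pkt.dport in SMALL_SERVICES:
        return ("drop", "small-service-loop")
    return ("pass", "ok")

# Constructed sample traffic, not captured data.
SAMPLES = [
    Packet("in", "192.0.2.10", 7, "192.0.2.20", 19),
    Packet("out", "198.51.100.5", 13, "203.0.113.9", 7),
    Packet("in", "198.51.100.5", 7, "192.0.2.20", 19),
    Packet("in", "255.255.255.255", 40000, "192.0.2.20", 13),
    Packet("in", "198.51.100.5", 40000, "192.0.2.20", 13),
]

def run_samples():
    return [verdict(p) for p in SAMPLES]

if __name__ == "__main__":
    for pkt, (action, reason) in zip(SAMPLES, run_samples()):
        print(f"{action:4} {reason:18} {pkt.direction:3} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
```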