UDP port loopback
Summary
A UDP packet has been seen traveling between two "echoing" ports. Such packets can bounce an infinite number of times, using up network bandwidth and CPU.
Details
Several standard services you might have running on your system will "echo" packets upon receipt of any input. Some typical services are:
An intruder can cause problems by spoofing a packet from one machine and sending it to another. Both machines will then echo back and forth continuously until one of the packets is accidentally lost on the wire. A malicious intruder could generate many of these packets in order to totally overwhelm the systems and the network.
For example, an intruder might spoof a packet that appears to come from person-A's chargen port and send it to person-B's echo port. Person-B's echo service will respond to person-A. Person-A's chargen service will then respond to person-B. This process will continue infinitely until the bouncing packet is lost in the network.
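The condition described above, a UDP packet whose source and destination ports are both echoing services, can be checked on captured IPv4 packets as follows. This is an added example, not code from the original page or the product it documents; the port set beyond echo and chargen, the function names and the sample packets are assumptions.

```python
import struct

# Assumption: UDP services that answer any datagram (RFC 862/867/865/864/868).
ECHOING_PORTS = {7: "echo", 13: "daytime", 17: "qotd", 19: "chargen", 37: "time"}

def parse_ipv4_udp(packet: bytes):
    """Return (src_ip, sport, dst_ip, dport) for an IPv4/UDP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 17 or len(packet) < ihl + 8:
        return None                         # not UDP, or truncated
    frag = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag:                                # non-first fragment has no UDP header
        return None
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    src = ".".join(map(str, packet[12:16]))
    dst = ".".join(map(str, packet[16:20]))
    return src, sport, dst, dport

def check_loopback(packet: bytes):
    """Return an alert string when both UDP ports are echoing services."""
    parsed = parse_ipv4_udp(packet)
    if parsed is None:
        return None
    src, sport, dst, dport = parsed
    if sport in ECHOING_PORTS and dport in ECHOING_PORTS:
        return (f"UDP port loopback: {src}:{sport} ({ECHOING_PORTS[sport]}) -> "
                f"{dst}:{dport} ({ECHOING_PORTS[dport]})")
    return None

def build_sample(src, sport, dst, dport, payload=b"x"):
    """Constructed test input: minimal IPv4+UDP bytes (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    return ip + udp + payload

# Constructed samples using documentation addresses (RFC 5737).
SAMPLES = [
    build_sample("192.0.2.10", 19, "198.51.100.20", 7),      # chargen -> echo
    build_sample("192.0.2.10", 40000, "198.51.100.20", 7),   # ordinary client -> echo
    build_sample("192.0.2.10", 53, "198.51.100.20", 33000),  # DNS reply
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(check_loopback(pkt) or "ok")
```

Only the first sample raises the alert: a normal client uses an ephemeral source port, so a packet with an echoing service on both ends has no legitimate origin.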
Systems affected
All systems support such services and are vulnerable to this attack.
Defense
See Simple Services for more information on disabling these programs.
Version appeared: