Subject: bin/2455: (security) Echo & friends can be spoofed into looping traffic
To: None <gnats-bugs@NetBSD.ORG, email@example.com>
From: None <firstname.lastname@example.org>
Date: 05/22/1996 11:08:13
>Synopsis: (security) Echo & friends can be spoofed into looping traffic
>Responsible: bin-bug-people (Utility Bug People)
>Arrival-Date: Wed May 22 06:20:04 1996
>Originator: David Brownlee
System: NetBSD orwell.southern.net 1.1B NetBSD 1.1B (_SUN4C_) #0: Tue Apr 2 08:44:20 PST 1996 email@example.com:/usr/src/sys/arch/sparc/compile/_SUN4C_ sparc
Another quote from Christopher Klaus <firstname.lastname@example.org> via BoS.
[start of text from Christopher Klaus <email@example.com>]
Chargen, Echo - These two services on many machines can be spoofed into sending
data from one service on one machine to another service on another machine
causing an infinite loop that causes high bandwidth so that the network
[end of text from Christopher Klaus <firstname.lastname@example.org>]
Fake a udp packet to port 7 on your victim from 'localhost port 7',
and watch the machine continually loop sending the packet round and
For more entertainment (& network traffic) fake it from 'hostA port 7'
to 'hostB port 7' and watch them merrily bounce it back & forth.
How fast can you say 'Denial of Service' :)
Inetd needs to check the source ports of incoming packets & reject
certain portnumbers - the list in 'biltins' looks like a good
start - echo, time, daytime, & chargen (discard is pretty safe,
but could be included if easier to code :)
Also the kernel should drop packets incoming on an interface for
which they make no sense - eg: an interface '220.127.116.11' with
netmask 0xffffff00 should only accept packets from '194.72.62.*'.