Echo service (Echo Denial of Servic

Echo service (Echo Denial of Service)About this signature or vulnerabilityBlackICE:Default risk levelMedium risk vulnerability MediumSensors that have this signatureBlackICE: 3.0Systems affectedIBM eventsmanager-multiple-xss, Wind River BSDOS, HP HP-UX, SGI IRIX, Sun Solaris, Linux Kernel, IBM OS2, Microsoft Windows 95, Data General DG/UX, Microsoft Windows 98, Microsoft Windows NT 4.0: Novell NetWare, SCO Unix, SCO, Microsoft Windows 98SE, Microsoft Windows 2000, Cisco IOS, Microsoft Windows Me, Compaq Tru64, Microsoft Windows XP, Apple Mac OS, Microsoft Windows 2003 Server, Microsoft Windows Vista, Microsoft Windows 7Microsoft, Windows Server 2008, Microsoft Windows Server 2008: R2, Microsoft Windows Server 2012, Microsoft Windows 8TypeDenial of ServiceVulnerability descriptionThe echo service was detected as running. The echo (port 7) service can be spoofed into sending data from one service on one computer to another service on another computer. This action causes an infinite loop and creates a denial of service attack. The attack can consume increasing amounts of network bandwidth, causing loss of performance or a total shutdown of the affected network segments. The attack can also disable your Unix server by causing it to spend all its time processing packets that are echoed back to itself.How to remove this vulnerabilityDisable the echo service if it is not being used.UNIX: Disable the echo service by commenting out the echo entry in the/etc/inetd.conf file, then restarting the inetd process.Windows: The echo service is not native to Windows, but may be present. To disable this service: Open the Services control panel. From the Windows NT Start menu, select Settings-> Control Panel-and Services. Select the Simple TCP/IP Services service and click Stop. Click Startup. To permanently stop all TCP/IP services, click Disabled.— OR —If you only want to disable the echo service:CAUTION: Use Registry Editor at your own risk. Any change using Registry Editor may cause severe and irreparable damage and may require you to reinstall your operating system. Internet Security Systems cannot guarantee that problems caused by the use of Registry Editor can be solved. Open the registry editor. From the Windows NT Start menu, select Run. Type regedt32 and click OK. Select the HKEY_LOCAL_MACHINESystemCurrentControlSetServicesSimpTcpParameters key. Set EnableTcpEcho and EnableUdpEcho to 0. Restart the Simple TCP/IP service.Novell:Disable the echo port as described in Novell Technical Information Document # 2946023: Install NIAS 4.0 or later. Load INETCFG — > Protocols — TCP/IP, > and set filter support to ENABLED. Load FILTCFG — > TCP/IP — > Packet Forwarding filters, and set the status to ENABLED. Verify that the action is Deny packets in the filter list. Press ENTER on ' (Filters: list of denied packets) '. Press the INSERT go to packet type Name: . Press ENTER, find the TCP echo port 7. Press the ENTER, ESCAPE, save filters: YES.ReferencesCERT Advisory CA-1996-01UDP Port Denial-of-Service Attackhttp://www.cert.org/advisories/CA-1996-01.htmlNovell Technical Information Document # 2946023TCPIP blocking ports (7, 9, 19, etc)http://support.novell.com/cgi-bin/search/tidfinder.cgi?2946023Caldera International, Inc. Security Advisory S.A.-1997.33Vulnerabilities in "inetd" in netkit-base-0.10-1ftp://ftp.caldera.com/pub/security/OpenLinux/SA-1997.33.txtISS X-ForceEcho servicehttp://www.iss.net/security_center/static/44.phpCVECVE-1999-0635http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0635

Echo service (Echo Denial of Service)
About this signature or vulnerability BlackICE: Default Risk level Medium Medium-to-risk vulnerability mà sensors have this signature BlackICE: 3.0 AFFECTED Systems IBM EventsManager-multiple-XSS, Wind River BSDOS, HP HP-UX, SGI IRIX Linux Kernel, Sun Solaris, IBM OS2, Microsoft Windows 95, Data General DG / UX, Microsoft Windows NT 4.0, Microsoft Windows 98, Novell NetWare, SCO SCO Unix, Microsoft Windows 98SE, Microsoft Windows 2000, Cisco IOS, Microsoft Windows Me, Compaq Tru64, Microsoft Windows XP, Apple Mac OS, Microsoft Windows 2003 Server, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows 8 Type Denial of Service Vulnerability description The echo service was detected as running. The echo (port 7) service can be spoofed Into sending data from one service to another service on one computer on another computer. This action Causes an infinite loop and Creates a denial of service attack. The attack can consume Increasing amounts of network bandwidth, Causing loss of performance or a total shutdown of the network segments AFFECTED. The attack can disable am also của Unix server by Causing it to spend all the its time processing packets echoed back to chính nó được. How to remove this vulnerability Disable the echo service if it is not being USED. Unix: Disable the echo service by commenting out the echo entry in the /etc/inetd.conf file, then restarting the inetd process. Windows: The echo service is not native to Windows, but unfortunately be present. To disable this service: Open the Services control panel. From the Windows NT Start menu, select Settings -> Control Panel and Services. Select the Simple TCP / IP Services service and click Stop. Click Startup. To permanently stop all TCP / IP services, click Disabled. - OR - If you only want to disable the echo service: CAUTION: Use Registry Editor at Your Own Risk. Any change using Registry Editor and irreparable damage Severe cause, sewing and sewing require you to reinstall the operating system của. Internet Security Systems can not guarantee mà problems caused by the use of Registry Editor can be Solved. Open the registry editor. From the Windows NT Start menu, select Run. Type regedt32 and click OK. Select the HKEY_LOCAL_MACHINE System CurrentControlSet Services SimpTcp Parameters key. EnableTcpEcho and EnableUdpEcho Set to 0. Restart the Simple TCP / IP service. Novell: Disable the echo port as tả in Novell Technical Information Document # 2946023: Install NIAS4.0 or later. Load INETCFG -> Protocols -> TCP / IP, and filter set to ENABLED support. Load FILTCFG -> TCP / IP -> Packet Forwarding filters, and set the status to ENABLED. Verify rằng action is Deny packets in filter list. Press ENTER on '(Filters: list of denied packets)'. Press INSERT go to packet type: Name:



















































.
Press ENTER, find the port echo TCP 7.
Press ENTER, ESCAPE, save filters: YES. References CERT Advisory CA-1996-01 UDP Port Denial-of-Service Attack http://www.cert.org/advisories/CA -1996-01.html Novell Technical Information Document # 2946023 TCPIP blocking ports (7, 9, 19, etc) http://support.novell.com/cgi-bin/search/tidfinder.cgi?2946023 Caldera International, Inc. Security Advisory SA-1997.33 Vulnerabilities in "inetd" in netkit-base-0.10-1 ftp://ftp.caldera.com/pub/security/OpenLinux/SA-1997.33.txt ISS X-Force Echo