Echo service (Echo Denial of Service)

About this signature or vulnerability

BlackICE:

Default risk level: Medium

Sensors that have this signature: BlackICE: 3.0

Systems affected: IBM eventsmanager-multiple-xss, Wind River BSDOS, HP HP-UX, SGI IRIX, Sun Solaris, Linux Kernel, IBM OS2, Microsoft Windows 95, Data General DG/UX, Microsoft Windows 98, Microsoft Windows NT 4.0, Novell NetWare, SCO Unix, SCO, Microsoft Windows 98SE, Microsoft Windows 2000, Cisco IOS, Microsoft Windows Me, Compaq Tru64, Microsoft Windows XP, Apple Mac OS, Microsoft Windows 2003 Server, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows 8

Type: Denial of Service

Vulnerability description

The echo service was detected as running. The echo (port 7) service can be spoofed into sending data from one service on one computer to another service on another computer. This action causes an infinite loop and creates a denial of service attack. The attack can consume increasing amounts of network bandwidth, causing loss of performance or a total shutdown of the affected network segments. The attack can also disable your Unix server by causing it to spend all its time processing packets that are echoed back to itself.

How to remove this vulnerability

Disable the echo service if it is not being used.

UNIX:

Disable the echo service by commenting out the echo entry in the /etc/inetd.conf file, then restarting the inetd process.

Windows:

The echo service is not native to Windows, but may be present. To disable this service:

1. Open the Services control panel. From the Windows NT Start menu, select Settings > Control Panel > Services.
2. Select the Simple TCP/IP Services service and click Stop.
3. Click Startup.
4. To permanently stop all TCP/IP services, click Disabled.

— OR —

If you only want to disable the echo service:

CAUTION: Use Registry Editor at your own risk. Any change using Registry Editor may cause severe and irreparable damage and may require you to reinstall your operating system. Internet Security Systems cannot guarantee that problems caused by the use of Registry Editor can be solved.

1. Open the registry editor. From the Windows NT Start menu, select Run. Type regedt32 and click OK.
2. Select the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SimpTcp\Parameters key.
3. Set EnableTcpEcho and EnableUdpEcho to 0.
4. Restart the Simple TCP/IP service.

Novell:

Disable the echo port as described in Novell Technical Information Document # 2946023:

1. Install NIAS 4.0 or later.
2. Load INETCFG > Protocols > TCP/IP, and set filter support to ENABLED.
3. Load FILTCFG > TCP/IP > Packet Forwarding filters, and set the status to ENABLED.
4. Verify that the action is Deny packets in the filter list.
5. Press ENTER on '(Filters: list of denied packets)'.
6. Press INSERT and go to packet type Name:.
7. Press ENTER, find the TCP echo port 7.
8. Press ENTER, ESCAPE, save filters: YES.

References

CERT Advisory CA-1996-01
UDP Port Denial-of-Service Attack
http://www.cert.org/advisories/CA-1996-01.html

Novell Technical Information Document # 2946023
TCPIP blocking ports (7, 9, 19, etc)
http://support.novell.com/cgi-bin/search/tidfinder.cgi?2946023

Caldera International, Inc. Security Advisory S.A.-1997.33
Vulnerabilities in "inetd" in netkit-base-0.10-1
ftp://ftp.caldera.com/pub/security/OpenLinux/SA-1997.33.txt

ISS X-Force
Echo service
http://www.iss.net/security_center/static/44.php

CVE
CVE-1999-0635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0635
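
The UNIX remediation above (commenting out the echo entry in /etc/inetd.conf) can be checked and prepared with a small script. This is an added example, not part of the original advisory; it assumes the classic inetd.conf layout (service, socket type, protocol, wait flag, user, program), and the function names and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): audit an inetd.conf-style file for
# active echo entries and produce a copy with them commented out.
# Assumes the layout: service socket-type protocol wait user program.

# Print "protocol<TAB>line-number" for every uncommented echo entry.
# Commented lines start with "#", so their first field is never exactly "echo".
active_echo_entries() {
    awk '$1 == "echo" { printf "%s\t%d\n", $3, NR }' "$1"
}

# Emit the file with active echo entries commented out; other lines untouched.
disable_echo_entries() {
    awk '$1 == "echo" { print "#" $0; next } { print }' "$1"
}

# Constructed sample input, not taken from a real host.
make_sample_conf() {
    cat <<'EOF'
# Internal services
echo    stream  tcp     nowait  root    internal
echo    dgram   udp     wait    root    internal
#discard stream tcp     nowait  root    internal
# echo is mentioned in this comment only
ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd in.ftpd
EOF
}

# Demo run against the constructed sample (a real audit would pass
# /etc/inetd.conf to the two functions instead).
conf=$(mktemp)
make_sample_conf > "$conf"
echo "Active echo entries (protocol, line):"
active_echo_entries "$conf"
echo "Proposed replacement file:"
disable_echo_entries "$conf"
rm -f "$conf"
```

The script only prints a proposed file; after reviewing and installing it, inetd still has to be restarted as the advisory states before the change takes effect.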