[bug-inetutils] "echo" dgram service in *inetd and UDP packets with source port 7
Thu, 27 Nov 2014 17:16:16 +0000
Dear *inetd maintainers,
at the moment, if someone sends a spoofed UDP datagram with
packit -t UDP -s HOSTA -S 7 -d HOSTB -D 7 -p test
That is with HOSTA source address spoofed and 7 (echo) as both
the source and destination port and if both HOSTA and HOSTB have
that service enabled (OK, that's the least likely part).
Then upon receiving that packet, HOSTB will send the same packet
reversed to HOSTA and we'll start a ping-pong game that will
only stop when someone drops the ball (tested on Debian with
inetutils-inetd and openbsd-inetd, not xinetd but I assume it's
It's even worse when that initial packet is a broadcast packet.
As a hardening feature, would it make sense for the "echo"
service not to answer requests if they come with identical
source and destination port? Maybe worth adding a note in the
manual that the echo UDP service can be used in various attacks
What do you think?
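The check proposed above (do not answer an echo request whose source port is the echo port itself), worked through as an added example; this is not code from the original mail nor from inetutils-inetd, openbsd-inetd or any other inetd. It goes a little beyond the mail's proposal: besides the port-7-to-port-7 case it also refuses to answer sources that are other reflective UDP services (discard, daytime, chargen, time) and sources that are not plausible unicast peers; those extra rules, the REFLECTIVE_PORTS set and the names should_reply, handle_datagram and serve are this example's own choices, not anything the mail or the inetd projects specify.

```python
import ipaddress
import socket
from typing import Optional

ECHO_PORT = 7

# UDP services that answer anything they receive. A reply sent to one of these
# ports comes straight back, so any of them can sustain a ping-pong loop. This
# set is the example's own generalisation of the port-7 case in the mail.
REFLECTIVE_PORTS = {7, 9, 13, 19, 37}   # echo, discard, daytime, chargen, time

IPV4_LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def should_reply(src_addr: str, src_port: int, dst_port: int = ECHO_PORT) -> bool:
    """Decide whether the echo responder should answer a datagram.

    Returns False in the cases that can turn one (possibly spoofed) datagram
    into an endless exchange or a reflected flood:
      * the source port equals our own port (the case reported in the mail),
      * the source port belongs to another reflective UDP service,
      * the source address is not a plausible unicast peer.
    """
    if src_port == dst_port:
        return False
    if src_port in REFLECTIVE_PORTS:
        return False
    ip = ipaddress.ip_address(src_addr)
    if ip.is_multicast or ip.is_unspecified or ip == IPV4_LIMITED_BROADCAST:
        return False
    return True


def handle_datagram(data: bytes, peer: tuple, local_port: int = ECHO_PORT) -> Optional[bytes]:
    """Return the bytes to send back to `peer`, or None to stay silent.

    `peer` is the (address, port) tuple as returned by socket.recvfrom().
    """
    src_addr, src_port = peer[0], peer[1]
    if not should_reply(src_addr, src_port, local_port):
        return None
    return data


def serve(bind_addr: str = "127.0.0.1", port: int = ECHO_PORT,
          max_datagrams: Optional[int] = None) -> int:
    """Minimal hardened UDP echo loop; returns the number of datagrams answered.

    Binding to port 7 needs privileges; pass a high port to try it unprivileged.
    """
    answered = 0
    seen = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        local_port = sock.getsockname()[1]
        while max_datagrams is None or seen < max_datagrams:
            data, peer = sock.recvfrom(65535)
            seen += 1
            reply = handle_datagram(data, peer, local_port)
            if reply is None:
                # Dropped silently on the wire; log it so the drop is observable.
                print(f"dropped datagram from {peer[0]}:{peer[1]} (would loop)")
                continue
            sock.sendto(reply, peer)
            answered += 1
    return answered


if __name__ == "__main__":
    # Unprivileged demonstration on a high loopback port: answers five datagrams
    # from ordinary clients and drops any whose source port would loop.
    serve(port=10007, max_datagrams=5)
```

With the source-port rule in place the broadcast variant from the mail is covered as well: every host receiving the broadcast sees source port 7 and stays silent, so nothing is reflected back to HOSTA. A normal client on an ephemeral port is still answered as before.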
Stephane Chazelas