bug-inetutils
From: Stephane Chazelas
Subject: [bug-inetutils] "echo" dgram service in *inetd and UDP packets with source port 7
Date: Thu, 27 Nov 2014 17:16:16 +0000
User-agent: Mutt/1.5.21 (2010-09-15)

Dear *inetd maintainers,

at the moment, if someone sends a spoofed UDP datagram with

src:HOSTA:7 dst:HOSTB:7

as in:

packit -t UDP -s HOSTA -S 7 -d HOSTB -D 7 -p test

That is, with the HOSTA source address spoofed and 7 (echo) as both
the source and destination port, and if both HOSTA and HOSTB have
that service enabled (OK, that's the least likely part).

Then, upon receiving that packet, HOSTB will send the same packet
reversed to HOSTA and we'll start a ping-pong game that will
only stop when someone drops the ball (tested on Debian with
inetutils-inetd and openbsd-inetd, not xinetd, but I assume it's
the same).

It's even worse when that initial packet is a broadcast packet.

As a hardening feature, would it make sense for the "echo"
service not to answer requests if they come with identical
source and destination port? Maybe worth adding a note in the
manual that the echo UDP service can be used in various attacks
as well.

What do you think?
Stephane
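As an added illustration (not part of Stephane's message nor of any inetd implementation), a small Python model of the echo ping-pong described above and of the proposed source-port check. The host names, the 1000-step cap and the ordinary client's port 40000 are constructed for the simulation.

```python
# Model of the UDP echo ping-pong between two hosts that both run the
# echo service, with and without the proposed hardening.
from collections import deque, namedtuple

ECHO_PORT = 7
Datagram = namedtuple("Datagram", "src dst sport dport payload")


def echo_reply(dgram, hardened):
    """Return the echo service's reply to dgram, or None if it is dropped.

    The hardening suggested in the message: refuse to answer when the
    source port equals the destination port. Such a reply would itself be
    an echo request for the peer's echo service, which is what keeps the
    ping-pong going.
    """
    if dgram.dport != ECHO_PORT:
        return None  # not addressed to echo; nothing listens here
    if hardened and dgram.sport == dgram.dport:
        return None  # hardening: same source and destination port
    # Reverse addresses and ports, echo the payload back.
    return Datagram(dgram.dst, dgram.src, dgram.dport, dgram.sport,
                    dgram.payload)


def simulate(initial, hardened, max_steps=1000):
    """Deliver datagrams between the hosts and count echo replies sent.

    Both hosts are assumed to run the echo service (the precondition in
    the message). The step cap stands in for 'someone drops the ball'.
    """
    queue = deque([initial])
    sent = 0
    while queue and sent < max_steps:
        reply = echo_reply(queue.popleft(), hardened)
        if reply is not None:
            sent += 1
            queue.append(reply)
    return sent


# Constructed samples: the spoofed packet from the message, and a normal
# client that uses an ephemeral source port.
SPOOFED = Datagram("HOSTA", "HOSTB", 7, 7, b"test")
NORMAL = Datagram("HOSTA", "HOSTB", 40000, 7, b"test")

if __name__ == "__main__":
    print("spoofed, unhardened:", simulate(SPOOFED, False))  # hits the cap
    print("spoofed, hardened:  ", simulate(SPOOFED, True))   # 0 replies
    print("normal,  hardened:  ", simulate(NORMAL, True))    # 1 reply
```

The normal client still gets exactly one reply under the hardened check, since its reply goes to port 40000, where no echo service answers.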


