Re: udp packet storms

Peter Wemm (peter@haywire.DIALix.COM)
Mon, 31 Oct 1994 05:32:01 +0800 (WST)

Darren Reed writes:
> 
> > 
> > This is yet another reason why you should disable echo, discard,
> > chargen, and any other inetd tcp/udp debugging service.  It's
> > surprising how many people leave those in inetd.conf.
> 
> Sorry, I missed out on the reason why we should disable discard.
> Would you mind explaining it?  I thought it was like its namesake -
> a sink hole (blackhole if you like) for packets.  Sort of like /dev/null.

tcp discard allows a "hostile" remote site to pump in a large amount
of traffic into your net, possibly congesting your link to the
internet.

I think that it might actually be beneficial to leave udp discard
active.. Turning it off won't stop people sending datagrams to it.  In
fact, turning it off will cause your machine to send ICMP port
unreachable messages...  i.e.: turning it off could help a malicious
host generate *more* traffic on your link.. But then again, they could
send the datagrams to any damn port they please and get an ICMP
unreach port in return.

daytime/tcp is actually quite useful.  I can't think of any reasons to
disable that one off the top of my head, but I guess daytime/udp could
also be vulnerable to a broadcast storm?  After all, it replies to a
UDP address, which could easily be 255.255.255.255/daytime..

-Peter
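As an added example (not part of the original thread), here is the audit the message implies, in Python: a small parser for inetd.conf service lines that classifies each UDP internal service by whether inetd answers an unsolicited datagram at its source address (echo, chargen, daytime, time), swallows it (discard), or, when the line is absent or commented out, leaves the kernel to answer with ICMP port unreachable as Peter describes. The inetd.conf fragment and the reply table are constructed for the example.

```python
# Constructed sample inetd.conf fragment (not from the original post).
SAMPLE_INETD_CONF = """\
# internal services
echo    stream  tcp  nowait  root  internal
echo    dgram   udp  wait    root  internal
discard stream  tcp  nowait  root  internal
#discard dgram  udp  wait    root  internal
daytime stream  tcp  nowait  root  internal
daytime dgram   udp  wait    root  internal
chargen dgram   udp  wait    root  internal
time    stream  tcp  nowait  root  internal
"""

# Does the UDP flavour of each internal service answer the datagram's source
# address?  echo/chargen/daytime/time do; discard swallows it.  Unknown: assume yes.
UDP_REPLIES = {"echo": True, "chargen": True, "daytime": True,
               "time": True, "discard": False}

def parse_inetd_conf(text):
    """Map (service, proto) -> enabled for each service line of an inetd.conf.
    Commented-out service lines are recorded as disabled so the audit sees them."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        enabled = not line.startswith("#")
        fields = line.lstrip("# ").split()
        if len(fields) < 6 or fields[1] not in ("stream", "dgram"):
            continue  # an ordinary comment, not a service line
        entries[(fields[0], fields[2])] = enabled
    return entries

def udp_response(entries, service):
    """What one unsolicited datagram to a UDP port gets back: a reply from
    inetd, nothing (discard), or ICMP port unreachable from the kernel."""
    if not entries.get((service, "udp"), False):
        return "icmp-port-unreachable"  # no listener, as Peter describes
    return "reply" if UDP_REPLIES.get(service, True) else "silent"

def audit_udp_services(entries):
    """Enabled UDP services that reflect traffic to whatever source address
    the sender put in the datagram; these are the storm candidates."""
    findings = []
    for (service, proto), enabled in sorted(entries.items()):
        if proto == "udp" and enabled and UDP_REPLIES.get(service, True):
            findings.append(f"{service}/udp replies to any source address")
    return findings
```

On the sample, `audit_udp_services(parse_inetd_conf(SAMPLE_INETD_CONF))` reports chargen, daytime and echo, while the commented-out udp discard line makes `udp_response` report ICMP port unreachable rather than a silent sink.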