> According to Brad Powell:
> > You should probably just turn off echo, discard, daytime and chargen

You should turn off echo, daytime, chargen and time (at least), but there is really no need to turn off discard. You only need to turn off UDP based services which elicit responses (or error messages) when attached to another service which is feeding it "crap". Any combination of echo, time, daytime, and chargen will loop (although echo <-> echo requires the spoofed packet to have an initial payload).

The DOS comes in b/c echo of these services will elicit a response given a packet from any of these services, so the 2 programs will play ping pong with each other. The discard service will just read the packet and discard it (as its name implies), so the DOS attack outlined in CERT CA-96:01 doesn't hold with discard, and it is safe to keep it in your inetd.conf file.

Peter Skopp
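
As an added example (not part of the original post), one way to check an inetd.conf for the services named above: a shell function that lists the enabled UDP entries for echo, daytime, chargen and time and never reports discard. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf for UDP services that answer any
# datagram they receive (echo, daytime, chargen, time).

# audit_inetd [FILE]
# Reads FILE (or stdin when no FILE is given) and prints "service line-number"
# for each enabled responding UDP service. Commented-out entries are skipped,
# and discard is never reported because it reads datagrams without replying.
audit_inetd() {
    awk '
        /^[ \t]*#/ { next }    # commented-out entry: service is disabled
        NF < 6     { next }    # not a complete inetd.conf entry
        {
            svc = tolower($1); proto = tolower($3)
            # match udp, plus the udp4/udp6 spellings some inetd versions use
            if (proto !~ /^udp/) next
            if (svc == "echo" || svc == "daytime" || svc == "chargen" || svc == "time")
                print svc, NR
        }
    ' "${1:--}"
}

# Constructed sample inetd.conf (not taken from any real host).
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample
echo    stream  tcp     nowait  root    internal
echo    dgram   udp     wait    root    internal
discard dgram   udp     wait    root    internal
#daytime dgram  udp     wait    root    internal
chargen dgram   udp     wait    root    internal
time    dgram   udp     wait    root    internal
EOF
}

# Demo run on the constructed sample: prints the entries still to disable.
sample_inetd_conf | audit_inetd
```

To audit a real host, pass the path instead, for example `audit_inetd /etc/inetd.conf`; each reported line is one to comment out before signalling inetd to reread its configuration.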