Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 10198 |
Category: | Useless services |
Title: | Check for Quote of the Day (qotd) Service (TCP) |
Summary: | The Quote of the Day (qotd) service is running on this host. |
Description: | Summary: The Quote of the Day (qotd) service is running on this host. Vulnerability Insight: A server listens for TCP connections on TCP port 17. Once a connection is established a short message is sent out the connection (and any data received is thrown away). The service closes the connection after sending the quote. Vulnerability Impact: An easy attack is 'pingpong' which IP spoofs a packet between two machines running qotd. This will cause them to spew characters at each other, slowing the machines down and saturating the network. Solution: - Under Unix systems, comment out the 'qotd' line in /etc/inetd.conf and restart the inetd process - Under Windows systems, set the following registry keys to 0 : HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQotd HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQotd Then launch cmd.exe and type : net stop simptcp net start simptcp To restart the service. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-1999-0103 Cert/CC Advisory: CA-96.01.UDP_service_denial https://ics-cert.us-cert.gov/advisories/ICSMA-18-233-01 XForce ISS Database: chargen XForce ISS Database: chargen-patch XForce ISS Database: echo |
Copyright | Copyright (C) 1999 Mathieu Perrin |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |