Test ID:	10198
Category:	Useless services
Title:	Check for Quote of the Day (qotd) Service (TCP)
Summary:	The Quote of the Day (qotd) service is running on this host.
Description:	Summary: The Quote of the Day (qotd) service is running on this host. Vulnerability Insight: A server listens for TCP connections on TCP port 17. Once a connection is established a short message is sent out the connection (and any data received is thrown away). The service closes the connection after sending the quote. Remark: NIST don't see 'configuration issues' as software flaws so the referenced CVE has a severity of 0.0. The severity of this VT has been raised by Greenbone to still report a configuration issue on the target. Vulnerability Impact: An easy attack is 'pingpong' which IP spoofs a packet between two machines running qotd. This will cause them to spew characters at each other, slowing the machines down and saturating the network. Solution: - Under Unix systems, comment out the 'qotd' line in /etc/inetd.conf and restart the inetd process - Under Windows systems, set the following registry keys to 0 : HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQotd HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQotd Then launch cmd.exe and type : net stop simptcp net start simptcp To restart the service. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-1999-0103 Cert/CC Advisory: CA-96.01.UDP_service_denial https://ics-cert.us-cert.gov/advisories/ICSMA-18-233-01 XForce ISS Database: chargen XForce ISS Database: chargen-patch XForce ISS Database: echo
Copyright	Copyright (C) 1999 Mathieu Perrin

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.