Re: UDP Port 7 - trying to understand



This is a classic attack.

It is very easy to spoof UDP and an attacker can make some machines
echo some packets to some others, causing a denial of service as a
result (slowing the machines down and saturating the network).

An attack may also involve the UDP chargen service (a hopefully mostly
unused service these days).

The right thing to do is to disable and filter the chargen and echo
services, as well as the other unused UDP services.

Kind regards
Ludovic Joly
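
Added example, not part of the original message: one way to check a host for the services named above, assuming they are started from a classic inetd.conf. The sample file contents and the function name audit_inetd are constructed for illustration.

```python
# Added example: audit inetd.conf text for enabled UDP "small services".
# Well-known ports: echo 7, discard 9, daytime 13, chargen 19, time 37.
SMALL_SERVICES = {"echo": 7, "discard": 9, "daytime": 13, "chargen": 19, "time": 37}
# These answer every datagram they receive, so a spoofed source address
# makes them send traffic to a third machine.
REPLYING = {"echo", "chargen", "daytime", "time"}

# Constructed sample in classic inetd.conf layout:
# service  socket-type  protocol  wait/nowait  user  server  [args]
SAMPLE_INETD_CONF = """\
# constructed sample, not taken from a real host
echo     stream  tcp   nowait  root  internal
echo     dgram   udp   wait    root  internal
#chargen dgram   udp   wait    root  internal
chargen  dgram   udp6  wait    root  internal
discard  dgram   udp   wait    root  internal
tftp     dgram   udp   wait    root  /usr/sbin/in.tftpd in.tftpd -s /srv/tftp
ssh      stream  tcp   nowait  root  /usr/sbin/sshd sshd -i
"""

def audit_inetd(text):
    """Return a finding for every enabled UDP entry, most urgent first."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # commented-out entries are disabled
        fields = line.split()
        if len(fields) < 6:
            continue
        service, sock_type, proto = fields[0], fields[1], fields[2]
        if sock_type != "dgram" or not proto.startswith("udp"):
            continue  # TCP entries are out of scope for this check
        if service in REPLYING:
            severity = "disable"            # echo/chargen class
        elif service in SMALL_SERVICES:
            severity = "disable-if-unused"  # e.g. discard: sends no reply
        else:
            severity = "review"             # other UDP service: keep only if needed
        findings.append((severity, lineno, service, proto, SMALL_SERVICES.get(service)))
    order = {"disable": 0, "disable-if-unused": 1, "review": 2}
    return sorted(findings, key=lambda f: (order[f[0]], f[1]))

if __name__ == "__main__":
    for severity, lineno, service, proto, port in audit_inetd(SAMPLE_INETD_CONF):
        print(f"line {lineno}: {service}/{proto} port={port} -> {severity}")
```

Entries reported as "disable" are the ones to comment out and to filter at the border as well; "review" entries are the other UDP services to keep only if they are in use.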
