GlobalDispatch and port 7
Per Steinar Iversen
PerSteinar.Iversen at adm.hioslo.no
Wed Jun 16 07:04:42 UTC 1999
===== Original Message from "Kilheffer, John R." <john.kilheffer at amp.com> at
15.06.99 21:53
>You should be blocking all port 7 (echo) as well as other low ports (like
>chargen, daytime, etc.) from the Internet. Using these ports is a popular
>way to launch a denial of service attack (spoof a return IP address using
>port 7 as the originating port and send the packet to the chargen port of a
>second system and poof! You have the two locked in a echo/chargen loop).
These ports are certainly inactive here - but it seems like GlobalDispatch
use the RST packets from the inactive ports...
I have stopped even these RST packets now. The result seems to be
much increased activity from DoubleClick :-)
I can see the possible need for what these people are doing,
but as far as I am concerned they do it the wrong way.
-psi
More information about the bind-users
mailing list