GlobalDispatch and port 7

Barry Margolin barmar at bbnplanet.com
Wed Jun 16 15:51:24 UTC 1999


In article <199906160704.JAA29092 at mail.hioslo.no>,
Per Steinar Iversen  <PerSteinar.Iversen at adm.hioslo.no> wrote:
>===== Original Message from "Kilheffer, John R." <john.kilheffer at amp.com> at 
>15.06.99 21:53
>>You should be blocking all port 7 (echo) as well as other low ports (like
>>chargen, daytime, etc.) from the Internet.  Using these ports is a popular
>>way to launch a denial of service attack (spoof a return IP address using
>>port 7 as the originating port and send the packet to the chargen port of a
>>second system and poof!  You have the two locked in an echo/chargen loop).
>
>These ports are certainly inactive here - but it seems like GlobalDispatch
>uses the RST packets from the inactive ports...
>
>I have stopped even these RST packets now. The result seems to be
>much increased activity from DoubleClick :-)
>
>I can see the possible need for what these people are doing, 
>but as far as I am concerned they do it the wrong way.

Well, get used to it, as there are a number of products that use similar
techniques, although not necessarily the same ports.  Cisco Distributed
Director and GTE Internetworking's Hopscotch also try to determine which
server is closest to the client, and may attempt to time a connection as
part of the determination.  We're working with another customer that's
developing a sophisticated variation on this theme.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.



More information about the bind-users mailing list
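
The two kinds of traffic discussed in this thread, a forged datagram that sets up an echo/chargen loop and a timing probe aimed at an inactive low port, can be told apart in firewall logs. The following is an added example, not part of the original messages; the log format, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# UDP small services that reply to any datagram (RFC 862, 867, 865, 864, 868).
SMALL_SERVICES = {7: "echo", 13: "daytime", 17: "qotd", 19: "chargen", 37: "time"}

# Hypothetical one-line-per-packet firewall log format, assumed for this example.
LINE = re.compile(
    r"^\S+ (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> [\d.]+:(?P<dport>\d+)$"
)

def classify(line):
    """Return (verdict, source_ip), or None if the line does not parse."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    sport, dport = int(m["sport"]), int(m["dport"])
    if dport not in SMALL_SERVICES:
        return ("other", m["src"])
    if m["proto"] == "UDP" and sport in SMALL_SERVICES:
        # Both ends would answer each other indefinitely; the source address
        # is probably forged and names the second victim, not the sender.
        return ("loop-risk", m["src"])
    # Anything else aimed at a small service, e.g. a connection-timing probe.
    return ("probe", m["src"])

def summarize(lines):
    """Count probe and loop-risk packets per source address."""
    report = {"probe": Counter(), "loop-risk": Counter()}
    for line in lines:
        result = classify(line)
        if result and result[0] in report:
            report[result[0]][result[1]] += 1
    return report

# Constructed sample input (documentation address ranges, not real hosts).
SAMPLE_LOG = [
    "1999-06-16T15:50:01Z TCP 203.0.113.20:41022 -> 192.0.2.53:7",
    "1999-06-16T15:50:01Z TCP 203.0.113.20:41023 -> 192.0.2.53:7",
    "1999-06-16T15:50:09Z UDP 198.51.100.9:7 -> 192.0.2.53:19",
    "1999-06-16T15:50:12Z UDP 203.0.113.77:3310 -> 192.0.2.53:53",
    "unparseable line",
]

if __name__ == "__main__":
    for verdict, sources in summarize(SAMPLE_LOG).items():
        for src, n in sources.items():
            print(f"{verdict:9} {src:15} {n}")
```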