
Echo, Chargen, Time, and Daytime Services
The echo, chargen, time, and daytime services can be spoofed into sending data
from one service on one machine to another service on another machine. This
causes an infinite loop and creates a denial of service attack. The attack can
consume increasing amounts of network bandwidth, causing loss of performance or
even a total shutdown of the affected network segments.
Risk: Medium
Fix: Comment out the echo, chargen, time, and daytime entries in the
/etc/inetd.conf file and then restart the inetd process.
Patch: There are patches available for Linux that will make echo and chargen unable
to send data to specific ports, precluding the possibility of infinite loops.