[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: Why would someone be banging on port 7?
From:       Andrew Waddington <awadding () hookup ! net>
Date:       1997-03-31 23:19:54
[Download RAW message or body]

Maybe this is why...

	The ping program works differently for Windows 95 than for Windows
3.1.  In 	Windows 95 we use the Microsoft TCP/IP Stack and we don’t know
how to make a 	low level call, from our 16 bit application, to the 32
bit Microsoft stack so 	we can properly ping a host.  To get around
this, we fake a ping by calling 	the echo port on the machine we
specify.  Many people are turning this port 	off on their machine so we
don’t get a response. If a real ping is needed on 	Windows 95 there is a
ping program shipped with Win95 that you can use.

	From  Internet Anywhere 2.4 Trouble Shooting And Technical Support
Guide
Paul D. Robertson wrote:
> 
> On Wed, 26 Mar 1997, Karl Kraft wrote:
> 
> > Lately however, I've been getting about 20-30 rejects per day for different
> > hosts connecting to port 7/UDP and from about 4 different hosts, in
> > Germany, Austria, and Ukraine.  According to /etc/services, this is the
> > echo port, and is usually internal to inetd.
> 
> If you spoof an echo request for UDP port 7 from another host on the same
> network, you can effectively flood the network with echos from each host.
> 
> Some software has been known to use UDP echo as a 'ping' as well, so it's
> not definitely an attack if you see a valid source address.  If I recall
> correctly, Harvest cache used to do this at one point, it may still be an
> option.
> 
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson      "My statements in this message are personal opinions
> proberts@clark.net      which may have no basis whatsoever in fact."
>                                                                      PSB#9280

[prev in list] [next in list] [prev in thread] [next in thread]