[prev in list] [next in list] [prev in thread] [next in thread]
List: firewalls-gc
Subject: Re: Why would someone be banging on port 7?
From: Andrew Waddington <awadding () hookup ! net>
Date: 1997-03-31 23:19:54
[Download RAW message or body]
Maybe this is why...
The ping program works differently for Windows 95 than for Windows
3.1. In Windows 95 we use the Microsoft TCP/IP Stack and we don’t know
how to make a low level call, from our 16 bit application, to the 32
bit Microsoft stack so we can properly ping a host. To get around
this, we fake a ping by calling the echo port on the machine we
specify. Many people are turning this port off on their machine so we
don’t get a response. If a real ping is needed on Windows 95 there is a
ping program shipped with Win95 that you can use.
From Internet Anywhere 2.4 Trouble Shooting And Technical Support
Guide
Paul D. Robertson wrote:
>
> On Wed, 26 Mar 1997, Karl Kraft wrote:
>
> > Lately however, I've been getting about 20-30 rejects per day for different
> > hosts connecting to port 7/UDP and from about 4 different hosts, in
> > Germany, Austria, and Ukraine. According to /etc/services, this is the
> > echo port, and is usually internal to inetd.
>
> If you spoof an echo request for UDP port 7 from another host on the same
> network, you can effectively flood the network with echos from each host.
>
> Some software has been known to use UDP echo as a 'ping' as well, so it's
> not definitely an attack if you see a valid source address. If I recall
> correctly, Harvest cache used to do this at one point, it may still be an
> option.
>
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson "My statements in this message are personal opinions
> proberts@clark.net which may have no basis whatsoever in fact."
> PSB#9280
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic