echo - TCP/UDP 7

今天给主机做扫描时，发现了下面的问题。echo服务，默认开放tcp 7或udp 7端口，向服务器端口发送信息，同样的信息内容会返回到客户端或其他地址。

10061 (20) - Echo Service Detection

Synopsis

An echo service is running on the remote host.

Description

The remote host is running the 'echo' service. This service echoes any data which is sent to it. This service is unused these days, so it is strongly advised that you disable it, as it may be used byattackers to set up denial of services attacks against this host.

Solution

• Under Unix  systems, comment out the 'echo' line in/etc/inetd.conf andrestart the inetd process
  - Under Windows systems, set thefollowing registry key to 0:
  HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEchoHKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEchoThen launch cmd.exe and type :
  
  net stop simptcp
  net start simptcp To restart the service.

• 
  

Risk Factor

None

References

CVE CVE-1999-0103
CVE CVE-1999-0635
XREF OSVDB:150

Plugin Information:

Public ation date: 1999/06/22, Modification date: 2014/06/09

Hosts

192.168.0.4 (tcp/7)

192.168.0.10 (tcp/7)

192.168.0.11 (tcp/7)

192.168.0.11 (udp/7)

很多时候，安装一些服务软件或做完调试配置，忘记关掉不必要的服务。为了重现上述场景，选择在debian 7主机上安装xinetd.

root@linux:~# uname -a
Linux linux 3.2.0-4-amd64 #1 SMP Debian 3.2.60-1+deb7u3 x86_64GNU/Linux
root@linux:~# apt-cache search inetd | grep inetd
inetutils-inetd - internet super server
micro-inetd - simple network service spawner
openbsd-inetd - OpenBSD Internet Superserver
reconf-inetd - maintainer script for programmatic updates of inetd.conf
rinetd - Internet TCP redirection server
rlinetd - gruesomely over-featured inetd replacement
python-twisted-runner - Process management, including an inetd server
python-twisted-runner-dbg - Process management, including an inetd server (debug extension)
update-inetd - inetd configuration file updater
xinetd - replacement for inetd with many enhancements
root@linux:~# apt-get install xinetd
Reading package lists... Done
Building dependency tree        
Reading state information... Done
The following NEW packages will be installed:
  xinetd
0 upgraded, 1 newly installed, 0 to remove and 16 not upgraded.
Need to get 0 B/149 kB of archives.
After this operation, 323 kB of additional disk space will be used.
Selecting previously unselected package xinetd.
(Reading database ... 113919 files and directories currently installed.)
Unpacking xinetd (from .../xinetd_1%3a2.3.14-7.1+deb7u1_amd64.deb) ...
Processing triggers for man-db ...
Setting up xinetd (1:2.3.14-7.1+deb7u1) ...
[ ok ] Stopping internet superserver: xinetd.
[ ok ] Starting internet superserver: xinetd.

root@linux:~# vi /etc/xinetd.d/echo

# default: off
# description: An xinetd internal service which echo's characters back to
# clients.
# This is the tcp version.
service echo
{
        # disable               = yes
        disable         = no
        type            = INTERNAL
        id              = echo-stream
        socket_type     = stream
        protocol        = tcp
        user            = root
        wait            = no
}
 
# This is the udp version.
service echo
{
        # disable               = yes
        disable         = no
        type            = INTERNAL
        id              = echo-dgram
        socket_type     = dgram
        protocol        = udp
        user            = root
        wait            = yes
}

开启服务service xinetd start，TCP 7 / UDP 7 端口开放

root@linux:~# netstat -antu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 0.0.0.0:7               0.0.0.0:*               LISTEN                             
udp        0      0 0.0.0.0:7               0.0.0.0:*   

攻击方式

http://www.giac.org/paper/gcih/206/udp-flood-denial-service/101057
http://servv89pn0aj.sn.sourcedns.com/~gbpprorg/phrack/phrack.ru/63/p63-0x0c.txt

root@gnu:~# nping --udp -p 7 -c 4 -S 192.168.0.97 --data-string "HELLOOOOOOOOOOOOOO" 192.168.0.98

Starting Nping 0.6.46 ( http://nmap.org/nping ) at 2014-09-05 19:57 EDT
SENT (0.0078s) UDP 192.168.0.97:53 > 192.168.0.98:7 ttl=64 id=19827 iplen=46
SENT (1.0126s) UDP 192.168.0.97:53 > 192.168.0.98:7 ttl=64 id=19827 iplen=46
SENT (2.0142s) UDP 192.168.0.97:53 > 192.168.0.98:7 ttl=64 id=19827 iplen=46
SENT (3.0161s) UDP 192.168.0.97:53 > 192.168.0.98:7 ttl=64 id=19827 iplen=46
 
Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 4 (184B) | Rcvd: 0 (0B) | Lost: 4 (100.00%)
Nping done: 1 IP address pinged in 4.02 seconds

注: 本机IP： 192.168.0.100

建议:
1. 安装应用时， 确保关闭引入的不必要服务