3.3.4.6 echo

Information

This entry starts the echo service when required. This service sends back data received by it on a specified port.

Rationale:

The echo service sends back data received by it on a specified port. This can be misused by an attacker to launch DoS attacks or Smurf attacks by initiating a data storm and causing network congestion. The service is used for testing purposes and therefore must be disabled if not required.

Solution

In /etc/inetd.conf, comment out the echo entry and refresh the inetd process:

chsubserver -r inetd -C /etc/inetd.conf -d -v 'echo' -p tcp
chsubserver -r inetd -C /etc/inetd.conf -d -v 'echo' -p udp
lssrc -s inetd && refresh -s inetd

Default Value:

Disabled

See Also

https://workbench.cisecurity.org/files/3525

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Unix

Control ID: f7d290db53d7fb45bc6ddd36857bb566cbead3140aede01f4fe49a418e98a522