Kerberos Server Spoofed Packet Amplification DoS (PingPong)
Severity: High
Nessus Plugin ID: 10640
Synopsis
The remote service is vulnerable to a denial of service attack.
Description
The remote host is running a Kerberos server that appears to be vulnerable to a 'ping-pong' attack.
When contacted on its UDP port, this service always sends a reply, even to malformed requests. This makes it possible to involve it in a 'ping-pong' attack: an attacker sends a single spoofed packet whose forged source address and port belong to another host running the same service, so that the two servers keep replying to each other's replies, slowing both machines down and saturating the network.
Solution
Upgrade to krb5-1.11.3 or later. Additionally, you can disable this service if it is not required.