3.1.5.6 echo

Information

This entry starts the echo service when required. The service sends back any data it receives on a specified port.

Rationale:

The echo service sends back data received by it on a specified port. This can be misused by an attacker to launch DoS attacks or Smurf attacks by initiating a data storm and causing network congestion. The service is used for testing purposes and therefore must be disabled if not required.

Solution

In /etc/inetd.conf, comment out the echo entry and refresh the inetd process:

chsubserver -r inetd -C /etc/inetd.conf -d -v 'echo' -p tcp
chsubserver -r inetd -C /etc/inetd.conf -d -v 'echo' -p udp
lssrc -s inetd && refresh -s inetd
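
One way to verify the result of the commands above, as an added example that is not part of the benchmark or of the audit plugin: it reads an inetd.conf-format file and reports any echo entry that is still uncommented. The function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: verifies that echo is disabled in an inetd.conf-format file.

# Constructed sample (not from a real host): tcp echo disabled, udp echo active.
sample_inetd_conf() {
    cat <<'EOF'
## constructed sample inetd.conf
#echo   stream  tcp     nowait  root    internal
echo    dgram   udp     wait    root    internal
ftp     stream  tcp6    nowait  root    /usr/sbin/ftpd  ftpd
EOF
}

# active_echo_entries FILE
# Prints "<protocol> <line number>" for each echo entry that is not commented out.
active_echo_entries() {
    awk '
        /^[ \t]*#/   { next }            # commented entry: service disabled
        $1 == "echo" { print $3, NR }    # field 3 is the protocol (tcp/udp)
    ' "$1"
}

# check_echo_disabled FILE
# Returns 0 when no echo entry is active, 1 otherwise.
check_echo_disabled() {
    found=$(active_echo_entries "$1")
    if [ -n "$found" ]; then
        echo "FAIL: echo still enabled in $1"
        echo "$found" | while read -r proto line; do
            echo "  line $line: protocol $proto"
        done
        return 1
    fi
    echo "PASS: no active echo entry in $1"
}

# Usage: sh check_echo.sh /etc/inetd.conf
if [ $# -gt 0 ]; then
    check_echo_disabled "$1"
fi
```

The check covers the file only; inetd applies the change after the `refresh -s inetd` step above.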

Default Value:

Disabled

See Also

https://workbench.cisecurity.org/files/4119

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Unix

Control ID: a4c35cbbc3bf018bb4bd155d2cbcffac270a827268874c1238f0288fe0cc674a