4.1.5.6 echo

Information

This entry starts the echo service when required. This service sends back data received by it on a specified port.

Rationale:

The echo service sends back data received by it on a specified port. This can be misused by an attacker to launch DoS attacks or Smurf attacks by initiating a data storm and causing network congestion. The service is used for testing purposes and therefore must be disabled if not required.

Solution

In /etc/inetd.conf, comment out the echo entry and refresh the inetd process:

chsubserver -r inetd -C /etc/inetd.conf -d -v 'echo' -p tcp
chsubserver -r inetd -C /etc/inetd.conf -d -v 'echo' -p udp
lssrc -s inetd && refresh -s inetd

Default Value:

Disabled

See Also

https://workbench.cisecurity.org/benchmarks/13069

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7

Plugin: Unix

Control ID: 846a36c48c936ba89966ab87cb1d6492e941bc713502b6bb0fe8555e80f76bde