
Re: inetd: discard?



On Wed, Nov 27, 2002 at 12:32:26AM +1100, Matthias Szupryczynski wrote:
> On Tue, 2002-11-26 at 23:41, Qian Gong wrote:
> > It is said that the service discard in inetd is just for testing and can
> > be removed. What's the origin of this service and what is the purpose? 
> > Thanks in advance.
> 
> Basically, discard can be described as a protocol used to debug network
> traffic. It takes your data, and throws it away. As far as I know,
> leaving it on makes your system prone to DOS attacks.

Specifically, discard is the network /dev/null device.

Particularly, the UDP discard service can easily be exploited by a DOS
attack, and you should disable the UDP service (I disable the UDP
versions of echo, chargen, discard, daytime, and time on all
machines).

Most sites can safely disable echo, chargen, and discard completely
with no ill effects.  You only need the TCP versions of time and
daytime if you have machines on your network that want to sync up
with your server using those protocols (some Windows boxes sync time
in this fashion).

HTH,

-- 
Nathan Norman - Incanus Networking mailto:nnorman@incanus.net
  The best we can hope for concerning the people at large is that
  they be properly armed.
          -- Alexander Hamilton
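As an added example, not part of Nathan's message or of any inetd distribution, the script below does what the message recommends: it lists the enabled UDP entries of echo, chargen, discard, daytime and time in an inetd.conf, and produces a hardened copy that comments out echo, chargen and discard entirely and the UDP versions of daytime and time. The inetd.conf it reads is a constructed sample written to a temporary file; the function names and the awk-based approach are my own choices.

```shell
#!/bin/sh
# Constructed sample inetd.conf with the small internal services enabled.
# Format: <service> <sock_type> <proto> <flags> <user> <server_path> <args>
SAMPLE_INETD_CONF=$(mktemp)
cat > "$SAMPLE_INETD_CONF" <<'EOF'
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
echo     stream tcp nowait root internal
echo     dgram  udp wait   root internal
chargen  stream tcp nowait root internal
chargen  dgram  udp wait   root internal
discard  stream tcp nowait root internal
discard  dgram  udp wait   root internal
daytime  stream tcp nowait root internal
daytime  dgram  udp wait   root internal
time     stream tcp nowait root internal
time     dgram  udp wait   root internal
ftp      stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd
EOF

# Print the names of the small internal services whose UDP entry is still
# enabled (not commented out) in the given inetd.conf.
list_udp_small_services() {
    awk '$1 !~ /^#/ && $1 ~ /^(echo|chargen|discard|daytime|time)$/ && $3 == "udp" { print $1 }' "$1"
}

# Emit a hardened copy of the given inetd.conf on stdout:
#  - echo, chargen and discard are commented out for both tcp and udp;
#  - daytime and time keep their tcp entries, their udp entries are commented out;
#  - every other line (including existing comments) is passed through unchanged.
harden_inetd_conf() {
    awk '
      $1 !~ /^#/ && $1 ~ /^(echo|chargen|discard)$/         { print "#" $0; next }
      $1 !~ /^#/ && $1 ~ /^(daytime|time)$/ && $3 == "udp"  { print "#" $0; next }
      { print }
    ' "$1"
}

# Usage: show what is currently exposed, then the hardened configuration.
echo "UDP small services enabled in $SAMPLE_INETD_CONF:"
list_udp_small_services "$SAMPLE_INETD_CONF"
echo "--- hardened inetd.conf ---"
harden_inetd_conf "$SAMPLE_INETD_CONF"
```

On a real system, redirect the hardened output to a new file, compare it with the original, replace /etc/inetd.conf, and send inetd a HUP so it rereads the configuration.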
