On Wed, Nov 27, 2002 at 12:32:26AM +1100, Matthias Szupryczynski wrote:
> On Tue, 2002-11-26 at 23:41, Qian Gong wrote:
> > It is said that the service discard in inetd is just for testing and can
> > be removed. What's the origin of this service and what is the purpose?
> > Thanks in advance.
>
> Basically, discard can be described as a protocol used to debug network
> traffic. It takes your data, and throws it away. As far as I know,
> leaving it on makes your system prone to DOS attacks.
Specifically, discard is the network /dev/null device. Particularly, the UDP
discard service can easily be exploited by a DOS attack, and you should
disable the UDP service (I disable the UDP versions of echo, chargen,
discard, daytime, and time on all machines).

Most sites can safely disable echo, chargen, and discard completely with no
ill effects. You only need the TCP versions of time and daytime if you have
machines on your network that want to sync up with your server using those
protocols (some Windows boxes sync time in this fashion).

HTH,

--
Nathan Norman - Incanus Networking mailto:[EMAIL PROTECTED]
The best we can hope for concerning the people at large is that they be
properly armed. -- Alexander Hamilton
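As an added example (not from this thread or any of its posters), a small shell audit that reports which of the UDP small services named above are still enabled in an inetd.conf and emits a hardened copy with those lines commented out. It runs against a constructed sample file rather than the real /etc/inetd.conf, and the TCP lines (including daytime) are deliberately left alone.

```shell
#!/bin/sh
# Constructed sample inetd.conf (not a real system file) with the
# "internal" small services in a mix of TCP and UDP forms.
SAMPLE_INETD_CONF=$(mktemp)
cat >"$SAMPLE_INETD_CONF" <<'EOF'
# constructed sample inetd.conf, internal services section
#echo    stream  tcp     nowait  root    internal
echo     dgram   udp     wait    root    internal
discard  stream  tcp     nowait  root    internal
discard  dgram   udp     wait    root    internal
daytime  stream  tcp     nowait  root    internal
time     dgram   udp     wait    root    internal
chargen  stream  tcp     nowait  root    internal
ftp      stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd
EOF

# Print each enabled (uncommented) UDP small service as "service/udp".
# inetd.conf fields: service socket_type proto wait user server [args]
list_udp_small_services() {
    awk '$1 !~ /^#/ && $3 == "udp" &&
         $1 ~ /^(echo|chargen|discard|daytime|time)$/ { print $1 "/" $3 }' "$1"
}

# Number of enabled UDP small services; 0 means nothing to fix.
udp_small_service_count() {
    list_udp_small_services "$1" | wc -l | tr -d ' '
}

# Write a hardened copy to stdout with the offending UDP lines commented
# out; the input file is not modified, so the result can be reviewed
# before it is installed and inetd is restarted.
disable_udp_small_services() {
    awk '$1 !~ /^#/ && $3 == "udp" &&
         $1 ~ /^(echo|chargen|discard|daytime|time)$/ { print "#" $0; next }
         { print }' "$1"
}

list_udp_small_services "$SAMPLE_INETD_CONF"
```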