Check: GEN009230
AIX 5.3 STIG:
GEN009230
(in version v1 r3)
Title
The system must not have the echo service active. (Cat II impact)
Discussion
The echo service can be used in Denial of Service or SMURF attacks. It can also be used by someone else to get through a firewall or start a data storm. The echo service is unnecessary and increases the attack surface of the system.
Check Content
Check the /etc/inetd.conf for TCP and UDP echo service entries.

# grep echo /etc/inetd.conf | grep -v \#

If the echo service is enabled, this is a finding.
Fix Text
Edit /etc/inetd.conf and comment out the echo service lines for both TCP and UDP. Restart the inetd service.

# refresh -s inetd
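
An added example (not part of the STIG text) that performs the Check Content test by field instead of by substring, so a service whose name merely contains "echo" is not reported, and that can be rerun after the fix to confirm the result. The function names, the sample file contents and the `echosvc` entry are constructed for illustration; matching `tcp6`/`udp6` as well as `tcp`/`udp` is an assumption about which protocol names should count.

```shell
#!/bin/sh
# inetd.conf fields: service socket-type protocol wait/nowait user program [args]

# Print "service socket-type protocol" for every active echo entry.
active_echo_entries() {
    awk '
        $1 ~ /^#/ { next }    # commented-out entry, ignore
        $1 == "echo" && $3 ~ /^(tcp|udp)/ { print $1, $2, $3 }
    ' "$1"
}

# Return 0 if compliant, 1 if echo is active (a finding), 2 on read error.
check_gen009230() {
    entries=$(active_echo_entries "$1") || return 2
    if [ -n "$entries" ]; then
        printf 'FINDING GEN009230: echo service active in %s\n%s\n' "$1" "$entries"
        return 1
    fi
    printf 'OK GEN009230: no active echo entry in %s\n' "$1"
    return 0
}

# Constructed sample: TCP echo active, UDP echo commented out, plus a
# hypothetical "echosvc" entry that a plain "grep echo" would also match.
write_sample() {
    cat > "$1" <<'EOF'
echo    stream  tcp     nowait  root    internal
#echo   dgram   udp     wait    root    internal
echosvc stream  tcp     nowait  root    /usr/local/bin/echosvc echosvc
ftp     stream  tcp6    nowait  root    /usr/sbin/ftpd  ftpd
EOF
}

# Demo against the constructed sample only (never touches /etc/inetd.conf).
demo_dir=$(mktemp -d)
write_sample "$demo_dir/inetd.conf"
check_gen009230 "$demo_dir/inetd.conf" || echo "check exit status: $?"
rm -rf "$demo_dir"
```

On a real system, call `check_gen009230 /etc/inetd.conf` before and after the `refresh -s inetd` step.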
Additional Identifiers
Rule ID: SV-38711r1_rule
Vulnerability ID: V-29507
Group Title:
CCIs
Number | Definition |
---|---|
CCI-001436 | The organization disables organization-defined networking protocols within the information system deemed to be nonsecure except for explicitly identified components in support of specific operational requirements. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |