TCP and UDP Small Servers

April 15th, 2010

TCP and UDP small servers are servers (daemons, in Unix parlance) that run on the router and are useful for diagnostics.

TCP Small Servers

The TCP small servers are:

  • Echo: Echoes back whatever you type through the telnet x.x.x.x echo command.
  • Chargen: Generates a stream of ASCII data. Use the telnet x.x.x.x chargen command.
  • Discard: Throws away whatever you type. Use the telnet x.x.x.x discard command.
  • Daytime: Returns system date and time, if it is correct. It is correct if you run Network Time Protocol (NTP), or have set the date and time manually from the exec level. Use the telnet x.x.x.x daytime command.

Replace x.x.x.x with the IP address of your router. Most routers inside Cisco run the small servers.

UDP Small Servers

The UDP small servers are:

  • Echo: Echoes the payload of the datagram you send.
  • Discard: Silently pitches the datagram you send.
  • Chargen: Pitches the datagram you send, and responds with a 72-character string of ASCII characters terminated with a CR+LF.

Notes:

  • Almost all Unix boxes support the small servers listed above.
  • The router also offers finger service and async line bootp service, which you can independently turn off with the global configuration commands no service finger and no ip bootp server, respectively.

TCP and UDP Commands

The commands to enable the TCP and UDP small servers are service tcp-small-servers and service udp-small-servers.

The TCP and UDP small servers are enabled by default on Cisco IOS Software Version 11.2 and earlier. They may be disabled using the commands no service tcp-small-servers and no service udp-small-servers. They are disabled by default on Cisco IOS Software Versions 11.3 and later.

It is recommended that you do not enable these services unless it is absolutely necessary. These services could be exploited indirectly to gain information about the target system, or directly, as is the case with the fraggle attack, which uses UDP echo.
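One way to audit a saved configuration for these services, as an added example that is not part of the original post. The function names (audit, parse_version) and the sample configurations are constructed for illustration, and the script assumes the configuration carries its usual version X.Y line so that the defaults described above can be applied when no explicit command is present.

```python
import re

SMALL_SERVERS = ("service tcp-small-servers", "service udp-small-servers")
# Per the post, finger and bootp are turned off independently with these.
OTHER_DISABLE_CMDS = ("no service finger", "no ip bootp server")

# Constructed sample configurations (not from a real device).
OLD_CONFIG = """version 11.2
hostname r-old
no service udp-small-servers
"""
NEW_CONFIG = """version 12.4
hostname r-new
service tcp-small-servers
no service finger
no ip bootp server
"""


def parse_version(lines):
    """Return (major, minor) from the 'version X.Y' line, or None."""
    for line in lines:
        m = re.fullmatch(r"version (\d+)\.(\d+)", line)
        if m:
            return int(m.group(1)), int(m.group(2))
    return None


def audit(config_text):
    """Return ({small-server command: enabled?}, [missing disable commands]).

    An explicit line wins; otherwise the default from the post applies:
    enabled on 11.2 and earlier, disabled on 11.3 and later. An unknown
    version is reported as enabled so that it gets reviewed.
    """
    lines = [" ".join(l.lower().split()) for l in config_text.splitlines()]
    version = parse_version(lines)
    default_on = version is None or version <= (11, 2)
    state = {}
    for cmd in SMALL_SERVERS:
        if "no " + cmd in lines:
            state[cmd] = False
        elif cmd in lines:
            state[cmd] = True
        else:
            state[cmd] = default_on
    missing = [c for c in OTHER_DISABLE_CMDS if c not in lines]
    return state, missing
```

The old configuration reports TCP small servers as enabled even though no line mentions them, because a saved configuration does not list settings left at their default.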
