/
cmty-qotd-amplification.xml
25 lines (25 loc) · 1 KB
/
cmty-qotd-amplification.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
<?xml version="1.0" encoding="UTF-8"?>
<Vulnerability id="cmty-qotd-amplification" published="2014-02-09" added="2014-12-10" modified="2018-03-13" version="2.0">
<name>Quote of the Day UDP Traffic Amplification</name>
<severity>1</severity>
<cvss>(AV:N/AC:L/Au:N/C:N/I:N/A:N)</cvss>
<Tags>
<tag>Denial of Service</tag>
</Tags>
<AlternateIds>
<id name="CERT">TA14-017A</id>
<id name="URL">http://tools.ietf.org/html/rfc865</id>
</AlternateIds>
<Description>
<p>
The Quote of the Day (qotd) service is used to provide a quote to the connecting
client. When contacted over UDP, the responses can be 500x the size of
the corresponding request and can be used to conduct traffic
amplification attacks against other assets, typically in the form of
distributed reflected denial of service (DRDoS) attacks. </p>
</Description>
<Solutions>
<SolutionRef id="qotd-restrict"/>
<SolutionRef id="cmty-disable-simpletcpservices"/>
</Solutions>
</Vulnerability>