Quote of the Day (QOTD) is a service listening on port 17 (TCP and UDP, per RFC 865). It returns the quote of the day, a short message of one or more lines, in reply to any connection or datagram it receives.
Attackers can abuse the UDP side of QOTD for reflected, amplified denial of service attacks: each small datagram elicits a reply many times its size. (The Bandwidth Amplification Factor is about 140.3. Ref: http://www.us-cert.gov/ncas/alerts/TA14-017A )
How to test if your server/device is vulnerable
If a quote is returned, the service is running and the server is vulnerable. Telnet checks the TCP side of the service (replace xx.xx.xx.xx with your server's IP address):
# telnet xx.xx.xx.xx 17
Example of output for a vulnerable server:
Connected to xx.xx.xx.xx.
Escape character is '^]'.
"The secret of being miserable is to have leisure to bother about whether
you are happy or not. The cure for it is occupation."
Connection closed by foreign host.
Another method, using nmap to check the UDP side (the one abused for amplification):
# sudo nmap -sU -PN -p17 xx.xx.xx.xx
Example of output for a server that is not vulnerable (nmap reports open|filtered when it received no UDP reply; a responding QOTD service is reported as open):
Starting Nmap 6.40 ( http://nmap.org ) at 2015-00-00 00:00 EDT
Nmap scan report for xx.xx.xx.xx
Host is up.
PORT STATE SERVICE
17/udp open|filtered qotd
Nmap done: 1 IP address (1 host up) scanned in 2.50 seconds
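To make the amplification figure above concrete, here is an added example (not part of this advisory) that runs a minimal RFC 865 responder on the loopback interface with a constructed quote, sends it one small datagram, and computes the Bandwidth Amplification Factor as reply payload bytes divided by request payload bytes. The quote text, the 1-byte request and the helper names are all assumptions; nothing here contacts a remote host or binds port 17.

```python
"""Added example (not the advisory's own code): measure the QOTD bandwidth
amplification factor (BAF = reply payload bytes / request payload bytes, as
used in US-CERT TA14-017A) against a loopback responder with a constructed
quote. Nothing here contacts a remote host or uses port 17."""
import socket
import threading

# Constructed sample quote in the RFC 865 "Quote of the Day" style.
SAMPLE_QUOTE = (
    b'"The secret of being miserable is to have leisure to bother about whether\r\n'
    b'you are happy or not. The cure for it is occupation."\r\n'
)


def amplification_factor(request: bytes, response: bytes) -> float:
    """Payload-level BAF; undefined for an empty request."""
    if not request:
        raise ValueError("BAF is undefined for an empty request payload")
    return len(response) / len(request)


def serve_one_qotd(sock: socket.socket, quote: bytes) -> None:
    """RFC 865 behaviour: answer one datagram with the whole quote, whatever it contains."""
    _data, peer = sock.recvfrom(512)
    sock.sendto(quote, peer)


def probe_local_qotd(quote: bytes = SAMPLE_QUOTE, request: bytes = b"\n",
                     timeout: float = 2.0) -> tuple[int, int, float]:
    """Start a loopback responder, send one small datagram, return (sent, received, BAF)."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))  # ephemeral port chosen by the kernel, never 17
    server.settimeout(timeout)
    worker = threading.Thread(target=serve_one_qotd, args=(server, quote), daemon=True)
    worker.start()
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(timeout)
    try:
        client.sendto(request, server.getsockname())
        response, _peer = client.recvfrom(4096)
    finally:
        client.close()
        worker.join(timeout)
        server.close()
    return len(request), len(response), amplification_factor(request, response)


if __name__ == "__main__":
    sent, got, baf = probe_local_qotd()
    print(f"sent {sent} byte(s), got {got} byte(s) back: BAF = {baf:.1f}")
```

The unconditional reply to a one-byte datagram is the whole problem: a spoofed source address turns that ratio into traffic aimed at someone else, which is why the mitigation below is to disable the service or filter the port rather than to tune it.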
Disable the service, or block its ports, unless it is actually needed.
To disable QOTD when started from inetd:
- Edit the /etc/inetd.conf (or equivalent) file.
- Locate the line that controls the qotd daemon.
- Type a # at the beginning of the line to comment out the daemon.
- Restart inetd.
Set the following registry keys to 0:
Then launch cmd.exe and run the following commands to restart the Simple TCP/IP Services service (simptcp), which provides QOTD on Windows:
net stop simptcp
net start simptcp
Configure the firewall to block port 17 (UDP and TCP).
RFC 865: http://tools.ietf.org/html/rfc865