4.3. Disabling Unused Services

A router can run many services that are neither needed nor desired, and those services should be disabled. Vendors often do not advertise that these services are running, so check your router vendor’s website and read through your documentation to determine whether unnecessary services are running.

Cisco, for example, up until version 12.0 of IOS [5], enabled a group of diagnostic services (echo, chargen, and discard) for both UDP and TCP connections. An attacker can use these services to launch a DoS attack against the router.

[5] IOS is Internet Operating System. It is the operating system that runs on all Cisco routers and many of the Cisco switches.

These services can be remotely accessed. ...
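As an added example (not from the book or from Cisco), the following Python check audits a saved IOS configuration for the `service tcp-small-servers` and `service udp-small-servers` commands, which control the echo, chargen, and discard group. It assumes a saved configuration lists only non-default settings and reads "up until version 12.0" as "releases before 12.0"; the sample configurations and hostnames are constructed.

```python
import re

# The two IOS global commands that control the echo/chargen/discard group.
SMALL_SERVERS = ("tcp-small-servers", "udp-small-servers")

def ios_version(config):
    """Return (major, minor) from the 'version X.Y' line, or None if absent."""
    m = re.search(r"^version\s+(\d+)\.(\d+)", config, re.MULTILINE)
    return (int(m.group(1)), int(m.group(2))) if m else None

def audit_small_servers(config):
    """Map each small-servers command to (enabled, reason).

    enabled is True, False, or None when the config does not say enough.
    """
    version = ios_version(config)
    result = {}
    for name in SMALL_SERVERS:
        # Last matching line wins, as in a config applied top to bottom.
        hits = re.findall(rf"^\s*(no\s+)?service\s+{name}\b", config, re.MULTILINE)
        if hits:
            # An empty capture means the line had no leading "no".
            result[name] = (hits[-1] == "", "explicit")
        elif version is None:
            result[name] = (None, "no version line; default unknown")
        else:
            # Assumption from the text: releases before 12.0 enable these by default.
            result[name] = (version < (12, 0), "default for this version")
    return result

# Constructed sample configurations (not from a real device).
OLD_CONFIG = """\
version 11.2
hostname edge-rtr-example
no service udp-small-servers
"""
NEW_CONFIG = """\
version 12.1
hostname core-rtr-example
service tcp-small-servers
"""

if __name__ == "__main__":
    for label, cfg in (("old", OLD_CONFIG), ("new", NEW_CONFIG)):
        for name, (enabled, reason) in audit_small_servers(cfg).items():
            print(f"{label}: {name}: enabled={enabled} ({reason})")
```

Any command reported as enabled can be turned off with its `no` form, for example `no service tcp-small-servers`.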
