From: "Matt Caldwell [Unix Admin]" 
Subject: UDP Storm and Cisco Crashes


        Author: Matt Caldwell falken@loclnet.com
            Topic: UDP Port Flooding Problem 

Problem:  If a number of UDP Packets with fake source addresses are sent
to Port 7 (echo), on Cisco 2500 Series (Using IOS 10.2). the router will be
overrun with the packets and stop transmitting data from and to the 
Network.  It fills the Process Tables and the router chokes on 
itself.  Our company (loclnet.com) was attacked by this and we 
had to physically reboot the router. From testing the Cisco, it 
will reboot from the console and the telnet port after the flooding 
from the attacker has seased.

(this is old information)

Who Knows About the Problem: I have confirmed this problem with testing 
on company routers from a program called that was written by a unnamed
source (soldier). It is to my understanding only a hand full of hackers
on the net have the program. The  University of California at Irvine to
my understanding also knows about the problem and has patched there
routers.
  
Vulnerability:  

     Known:     Cisco 2500 Series Routers with UDP-SMALL-SERVICES turned on
		
  Possible:     All routers/multiplexors/bridges/gateways with UDP 
                Services on Port 7 (echo) also experimentation with port
                9 shows promise.                

Solutions:      Cisco Advised Us, to Upgrade the router OS to 10.3 or 
                Later and to turn off small UDP services. We Turned the 
                TCP Services to be Safe since port 7 is both a UDP and 
                TCP Port. Firewall Port 7. Once the Router is Upgraded 
                then it does recover even after the flood.