What is an 'Open QOTD Server'?

The Quote Of The Day (QOTD) service is a member of the Internet protocol suite, defined in RFC 865. As indicated there, the QOTD concept predated the specification, when QOTD was used by mainframe sysadmins to broadcast a daily quote on request by a user. It was then formally codified both for prior purposes as well as for testing and measurement purposes in RFC 865.

Why would this be bad?

Running an open (UDP) service is not bad on its own and it is mostly a required dependancy when installing a system. Unfortunately, hackers have also found this feature useful in performing a special type of DDoS attack called a 'Amplification Attack'.

The attacker sends a packet apparently from the intended victim to some server on the Internet that will reply immediately. Because the source IP address is forged, the remote Internet server replies and sends data to the victim.

That has two effects: the actual source of the attack is hidden and is very hard to trace, and, if many Internet servers are used, an attack can consist of an overwhelming number of packets hitting a victim from all over the world.

But what makes reflection attacks really powerful is when they are also amplified: when a small forged packet elicits a large reply from the server (or servers). In that case, an attacker can send a small packet "from" a forged source IP address and have the server (or servers) send large replies to the victim.

Amplification attacks like that result in an attacker turning a small amount of bandwidth coming from a small number of machines into a massive traffic load hitting a victim from around the Internet.

Recommended action

There is no reason to have this QOTD service enabled on a public facing interface. You should either stop te service or make sure it is not reachable from the internet by using RFC1918 spaces or a firewall.

Tips to resolve this matter

Unix/Linux

To disable QOTD when started from inetd:

Windows

Set the following registry keys to 0:

HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQotd
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQotd

Then launch cmd.exe and type the following commands to restart the service:

net stop simptcp
net start simptcp