Check or Attack Name: walld

The "write all" daemon rpc.rwalld was detected as running. This daemon allows users to broadcast messages to all users connected to a network. The rwall daemon lacks significant authentication and can be used in denial of service attacks and social engineering attacks.

Disable the wall daemon by commenting it out of inetd.conf or removing it from any RC scripts. Alternatively, users can install a walld package that includes improved authentication.

CIAC Advisory Notice, Notice of Availability of Patch for rwalld/wall, http://ciac.llnl.gov/ciac/bulletins/ciac-06.shtml