
Port 17 runs the Quote of the Day protocol. Connect to it, receive a quote, and the connection closes. No authentication. No request body. No headers. You knock, it answers with words, and the door shuts behind you.

That is the entire protocol. It may be the most generous thing the Internet has ever done.

The Protocol

QOTD is defined in RFC 865 [1], published in May 1983 by Jon Postel at the Information Sciences Institute. The specification is one of the shortest RFCs ever written. The entire technical description fits on a single page.

Here is how it works over TCP: a server listens on port 17. When a client connects, the server sends a short message and closes the connection. Any data the client sends is ignored. The server does not care what you have to say. It just gives you something to read.

Over UDP, it is even simpler. Send a datagram to port 17. Receive a datagram back containing a quote. The contents of your datagram are ignored.

There is no specified syntax for the quote itself. RFC 865 recommends only that it be limited to ASCII printable characters, spaces, carriage returns, and line feeds, and that it remain under 512 characters [1]. The choice of quote is left entirely to the server operator. This is not a protocol that tells you what to think. It just asks that you keep it brief.

How the Protocol Works

The TCP exchange:

1. Client opens TCP connection to server on port 17
2. Server sends quote (up to 512 ASCII characters)
3. Server closes the connection
4. Client reads the quote

The UDP exchange:

1. Client sends any UDP datagram to server on port 17
2. Server responds with a datagram containing a quote
3. That's it. There is no step 3.

No handshake beyond TCP's own. No content negotiation. No session management. No cookies, no tokens, no OAuth flows. You connect. You receive words. You leave. The protocol has the social dynamics of a fortune cookie.
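The TCP exchange above, as an added example that is not part of the original page: a one-shot loopback server and a client that reads until the server closes, caps the read at 512 bytes, and rejects anything outside the character set RFC 865 recommends (so an untrusted server cannot push terminal escape sequences or an unbounded stream). The function names and the use of an ephemeral loopback port instead of port 17 are choices made for this sketch.

```python
import socket
import threading

MAX_QUOTE = 512  # RFC 865: quotes should stay under 512 characters
ALLOWED = set(range(0x20, 0x7F)) | {0x0D, 0x0A}  # printable ASCII, space, CR, LF

def is_rfc865_quote(data: bytes) -> bool:
    """True if data follows RFC 865's recommendations for a quote."""
    return 0 < len(data) < MAX_QUOTE and all(b in ALLOWED for b in data)

def start_tcp_server(quote: bytes, host: str = "127.0.0.1", port: int = 0):
    """Serve `quote` to one client on loopback; returns (port, thread)."""
    if not is_rfc865_quote(quote):
        raise ValueError("quote violates RFC 865 recommendations")
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))  # port 0 lets the OS pick a free port
    srv.listen(1)
    bound_port = srv.getsockname()[1]

    def handle():
        with srv:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(quote)  # the server never reads from the client
        # Closing the connection is the only end-of-message marker.

    thread = threading.Thread(target=handle, daemon=True)
    thread.start()
    return bound_port, thread

def fetch_quote(host: str, port: int, timeout: float = 3.0) -> bytes:
    """Read until the server closes, never trusting it to stop at the limit."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        # Nothing is sent: an RFC 865 server ignores client data anyway.
        while len(buf) < MAX_QUOTE:
            chunk = s.recv(MAX_QUOTE - len(buf))
            if not chunk:  # server closed the connection
                break
            buf += chunk
    if not is_rfc865_quote(buf):
        raise ValueError("server sent an oversized or non-ASCII quote")
    return buf
```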

The History

To understand port 17, you need to understand the week it was born.

In May 1983, Jon Postel published not one but six RFCs in rapid succession: RFC 862 through RFC 867 [2]. Together, they defined the "simple services" of the early Internet: Echo (port 7), Discard (port 9), Character Generator (port 19), Quote of the Day (port 17), Active Users (port 11), and Daytime (port 13). Each was a tiny, self-contained protocol designed to do exactly one thing.

These were diagnostic tools. The ARPANET had formally transitioned to TCP/IP on January 1, 1983, just four months earlier [3]. The old protocols were gone. The new ones needed testing. Postel's six simple services gave network administrators something to connect to, something to verify that packets were flowing, connections were opening, and the new Internet was actually working.

But here is where QOTD stands apart from its siblings. Echo just repeats what you send it. Discard swallows everything silently. Character Generator spews random ASCII. These are mechanical. They test plumbing. QOTD tests plumbing too, but it chose to do it with language.

Someone decided that the proof of connectivity should be something worth reading.

The Mainframe Tradition

The concept predated the RFC. Before Postel standardized it, mainframe system administrators had already been broadcasting quotes of the day to their users [4]. It was a cultural practice, a small human gesture embedded in the machine. When you logged into a shared mainframe, you might be greeted with a line from Shakespeare, a joke, a thought for the day. The sysadmin was leaving a note on the kitchen table.

This tradition ran parallel to the Unix fortune program, first developed for BSD systems around 1978 [5]. The fortune command pulled a random quote from a database file, where entries were separated by % on its own line. Add it to your .profile, and every login greeted you with wisdom, wit, or nonsense. Themed databases proliferated: Star Trek quotes, Hitchhiker's Guide, Ambrose Bierce, Dave Barry.

RFC 865 took this tradition and gave it a port number. It turned a local custom into a network service. Now you did not need to log into the machine to receive its wisdom. You just needed to reach port 17.

The Man Behind the RFC

Jon Postel wrote or co-authored more than 200 RFCs in his lifetime [6]. He served as the RFC Editor from the very first document in 1969 until his death in 1998. He managed the Internet Assigned Numbers Authority. The Economist called him the "God of the Internet" [7], a title he deflected with characteristic humility: "Of course, there isn't any 'God of the Internet.' The Internet works because a lot of people cooperate to do things together."

His most famous contribution may be the robustness principle, written in RFC 760: "Be conservative in what you do, be liberal in what you accept from others." [8] It became the philosophical foundation of Internet protocol design. And you can see it alive in QOTD: the server accepts any input (liberal in what it receives) and responds with a clean, constrained message (conservative in what it sends).

Postel died on October 16, 1998, from complications following heart surgery. He was 55 years old. Vint Cerf wrote his obituary as RFC 2468, titled "I Remember IANA" [9]. It remains part of the core technical literature of the Internet, a love letter filed among the specifications.

Security

QOTD was designed for a network where trust was assumed and participants were few. It has no authentication, no encryption, no rate limiting, and no concept of abuse. In the modern Internet, this makes it dangerous.

The Pingpong Attack

The earliest known exploit is the "pingpong" attack. An attacker sends a spoofed UDP packet to a QOTD server, forging the source address to point at another QOTD server (or an echo server on port 7). The first server responds to the second. The second responds back. They loop endlessly, flooding the network with traffic and consuming CPU on both machines [10].

The original PingPong exploit tool was created in 1997 by Willy Tarreau. It worked against any of the simple services (echo, daytime, chargen, QOTD) that were commonly enabled by default in Unix inetd.conf configurations [10].

DDoS Amplification

The more modern threat is amplification. An attacker sends a tiny UDP packet to port 17 with a spoofed source IP (the victim's address). The QOTD server responds to the victim with a much larger quote. The bandwidth amplification factor for QOTD can reach 140.3:1 [11], meaning a single byte from the attacker becomes 140 bytes aimed at the victim. Multiply this across thousands of exposed QOTD servers and you have a serious distributed denial-of-service attack.

QOTD was among the UDP amplification vectors identified in massive DDoS campaigns documented by security researchers and organizations like Shadowserver [12] and INCIBE-CERT [13].
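Both patterns described above leave a recognizable trace in flow logs, shown here as an added detection sketch that is not part of the original page: UDP traffic whose source and destination ports are both simple-service ports is the pingpong loop, and the ratio of bytes answered from port 17 to bytes received on it is the amplification a reflector is providing. The CSV layout, the field names and the documentation-range addresses are constructed for this example.

```python
import csv
import io
from collections import defaultdict

SIMPLE_PORTS = {7, 9, 11, 13, 17, 19}  # the six simple services

# Constructed sample flow log: src,sport,dst,dport,proto,bytes
SAMPLE_FLOWS = """\
198.51.100.7,40112,192.0.2.10,17,udp,1
192.0.2.10,17,198.51.100.7,40112,udp,140
192.0.2.10,17,192.0.2.20,7,udp,140
192.0.2.20,7,192.0.2.10,17,udp,140
203.0.113.5,51515,192.0.2.10,17,tcp,0
"""

def parse_flows(text):
    """Yield one dict per CSV row, with ports and byte counts as integers."""
    cols = ("src", "sport", "dst", "dport", "proto", "bytes")
    for row in csv.reader(io.StringIO(text)):
        flow = dict(zip(cols, row))
        for key in ("sport", "dport", "bytes"):
            flow[key] = int(flow[key])
        yield flow

def analyze(flows, qotd_port=17):
    """Return (pingpong flows, per-address amplification ratio on UDP port 17)."""
    pingpong, req, resp = [], defaultdict(int), defaultdict(int)
    for f in flows:
        if f["proto"] != "udp":
            continue  # TCP needs a completed handshake, so it is not spoofable this way
        if f["sport"] in SIMPLE_PORTS and f["dport"] in SIMPLE_PORTS:
            # Service talking to service: no real client is involved.
            pingpong.append((f["src"], f["sport"], f["dst"], f["dport"]))
        elif f["dport"] == qotd_port:
            req[f["src"]] += f["bytes"]   # claimed sender, possibly forged
        elif f["sport"] == qotd_port:
            resp[f["dst"]] += f["bytes"]  # where the quote was actually delivered
    ratios = {ip: resp[ip] / req[ip] for ip in req if req[ip] and resp[ip]}
    return pingpong, ratios
```

A high ratio on its own also matches a single legitimate lookup; the signal worth alerting on is that ratio sustained toward one address, or any pingpong flow at all.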

Mitigation

The answer is simple and universal: disable QOTD. Block port 17 (both TCP and UDP) at the firewall. On Unix systems, comment out the qotd line in /etc/inetd.conf and restart the service [10]. There is no modern reason to run this protocol on a production system.
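One way to check a host for the inetd.conf step, as an added example that is not part of the original page: the function takes the text of an inetd.conf, reports every active entry for qotd or one of its sibling simple services, and returns a copy with those entries commented out. It assumes the classic field layout (service, socket type, protocol, wait flag, user, program) and the service names used in /etc/services; the sample file is constructed.

```python
# Names as listed in /etc/services for the six simple-service ports.
SIMPLE_SERVICES = {"echo": 7, "discard": 9, "systat": 11,
                   "daytime": 13, "qotd": 17, "chargen": 19}

# Constructed sample, not taken from a real host.
SAMPLE_INETD = """\
# service  type    proto  wait    user  program
ftp        stream  tcp    nowait  root  /usr/sbin/tcpd  in.ftpd
qotd       stream  tcp    nowait  root  internal
qotd       dgram   udp    wait    root  internal
#chargen   dgram   udp    wait    root  internal
echo       dgram   udp6   wait    root  internal
"""

def audit_inetd(text: str):
    """Return (findings, hardened_text) for the contents of an inetd.conf."""
    findings, out = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        # An active entry has at least six fields and is not a comment.
        if len(fields) >= 6 and not fields[0].startswith("#"):
            service, proto = fields[0].lower(), fields[2].lower()
            if service in SIMPLE_SERVICES:
                findings.append({
                    "line": lineno,
                    "service": service,
                    "port": SIMPLE_SERVICES[service],
                    "proto": proto,
                    # UDP entries (udp, udp4, udp6) answer forged source
                    # addresses, so they are the reflection and pingpong risk.
                    "spoofable": proto.startswith("udp"),
                })
                line = "#" + line  # disable the entry in the hardened copy
        out.append(line)
    return findings, "\n".join(out) + "\n"
```

Running the audit again on the hardened text should return no findings; inetd still has to be restarted or signalled to reload before the change takes effect.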

Port 17 belongs to a family. These are the other simple services Postel defined in May 1983:

| Port | Protocol | RFC | Purpose |
|------|----------|-----|---------|
| 7 | Echo | RFC 862 | Echoes back whatever you send it |
| 9 | Discard | RFC 863 | Accepts and silently discards everything |
| 11 | Active Users | RFC 866 | Reports who is logged in |
| 13 | Daytime | RFC 867 | Returns the current date and time |
| 17 | QOTD | RFC 865 | Returns a quote |
| 19 | CHARGEN | RFC 864 | Generates a stream of characters |

All six share the same design philosophy: stateless, unauthenticated, trivially simple. All six are now considered security risks if left enabled. And all six were written by the same person, in the same month, for the same purpose: to make sure the new Internet was alive.

Port 13 (Daytime) is QOTD's closest relative. Both return a short, human-readable string. The difference is that Daytime tells you the time, while QOTD tells you something someone thought was worth remembering.

Current Status

QOTD is functionally extinct in production environments. Most operating systems no longer enable it by default. Firewalls block port 17. Security scanners flag it as a vulnerability.

But it is not entirely gone. A handful of public QOTD servers still operate, maintained by hobbyists and nostalgists. Some serve quotes from literature. At least one, as of 2026, serves quotes exclusively from Star Trek: The Next Generation [14]. The fortune file format that QOTD servers traditionally read from, with entries separated by % on their own lines, remains a recognized standard in Unix culture [5].

The protocol survives most visibly in computer science education, where it serves as a perfect first exercise in socket programming. It is small enough to implement in an afternoon, clear enough to understand completely, and old enough to carry a real RFC number. Students who write a QOTD server are, without knowing it, implementing something Jon Postel designed before most of their parents were online.
