COMMAND
chargen port
SYSTEMS AFFECTED
Win '95, NT
PROBLEM
Carolyn P. Meinel posted the following. One of the oldest and
lamest of denial of service attacks is to make several connections
to port 19, chargen. According to some sources, when Up Yours 4.0
is released this Easter (1997), it will incorporate an automated
attack that exploits chargen. Since this software is supposed to
be a user-friendly Windows 95 program that will automatically
load the necessary drivers, we could be seeing little children
launching these attacks.
There appears to be no good reason to leave this port open unless
you are actively looking for the cause of dropped packets. So a
good security practice would be to disable it, regardless of
whether Up Yours 4.0 ends up sporting this feature.
SOLUTION
Russ Cooper gave a few solutions:
1. The most obvious answer to the question of how to prevent
Chargen attacks is not to permit it through your router.
2. By not installing the Simple TCP Services you do not
install the Chargen, Echo, Quote of the Day, etc. servers.
3. You can also disable it in NT 4.0 through the use of
Advanced port filtering.
4. Finally, you can disable any of the individual Simple TCP
Servers by changing a value in:
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/SimpTCP/Parameters
EnableTCPChargen = 0 (defaults to 0x01 = enabled)
EnableUDPChargen = 0 (defaults to 0x01 = enabled)
You will see a list of all the servers in this key and can alter
their listening states accordingly.
Derek Simmel added that you can use the TCPIP Security facility
buried in the Network control panel under
Protocols->TCPIP->Properties->IP Address->Advanced->Enable Security->Configure
to specify only those UDP/TCP ports on which you will accept
connection attempts.
Outgoing connections are apparently not affected by these
settings.
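
To confirm that one of the measures above actually took effect, the following added example (not part of the original advisory) checks whether a host you administer still answers on TCP and UDP port 19. The function names, the timeout and the default address 127.0.0.1 are assumptions made for the example.

```python
import socket

CHARGEN_PORT = 19  # port named in the advisory


def tcp_chargen_open(host, port=CHARGEN_PORT, timeout=2.0):
    """Return True if a TCP service accepts the connection and sends data
    unprompted, which is how chargen behaves (RFC 864)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = s.recv(128)          # chargen sends without being asked
            return len(data) > 0
    except OSError:                     # refused, filtered, or timed out
        return False


def udp_chargen_open(host, port=CHARGEN_PORT, timeout=2.0):
    """Return True if a single UDP datagram draws a reply.
    False can also mean the probe or the reply was filtered or lost."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(b"\n", (host, port))
            data, _ = s.recvfrom(512)
            return len(data) > 0
        except OSError:                 # ICMP unreachable or timeout
            return False


def audit(host, timeout=2.0):
    """Check both transports, one per registry switch
    (EnableTCPChargen and EnableUDPChargen)."""
    return {
        "tcp": tcp_chargen_open(host, timeout=timeout),
        "udp": udp_chargen_open(host, timeout=timeout),
    }


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # assumed default
    for proto, answering in audit(target).items():
        print(f"chargen/{proto}: {'still answering' if answering else 'no response'}")
```

Run it from inside the network and again from outside the router: the first result reflects the registry or port-filtering change on the host, the second reflects the router filter.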