Chargen service

Risk Level: Medium

Check or Attack Name: chargen

Platforms: Any

Description:

The chargen service was detected as running. The chargen (port 19) service can be spoofed into sending data from one service on one machine to another service on another machine. This action causes an infinite loop and creates a denial of service attack. The attack can consume increasing amounts of network bandwidth, causing loss of performance or a total shutdown of the affected network segments.

In addition, URLs such as "http://localhost:19" could cause a similar denial of service to a system running Lynx and chargen. Netscape Navigator disallows access to port 19 and is not vulnerable.

Remedy:

Disable the service, unless it is needed.

Unix: To disable chargen when started from inetd, follow these steps:

  1. Edit the /etc/inetd.conf (or equivalent) file.
  2. Locate the line that controls the chargen daemon.
  3. Type a # at the beginning of the line to comment out the daemon.
  4. Restart inetd.
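
The Unix steps above as a script, added here as an example and not part of the original advisory. The function names and the sample file are constructed; it assumes inetd entries begin with the service name chargen as their first field.

```shell
#!/bin/sh
# Added example: audit and comment out chargen entries in an inetd-style
# config file. Operates on the path given, so try it on a copy first.

# Print active (uncommented) chargen lines. inetd.conf normally carries
# two: one for TCP (stream) and one for UDP (dgram).
active_chargen() {
    grep '^[[:space:]]*chargen[[:space:]]' "$1"
}

# Count active chargen lines (0 means the service is disabled in inetd).
count_active_chargen() {
    active_chargen "$1" | wc -l | tr -d ' '
}

# Steps 2-3: prefix every active chargen line with '#', keeping a backup.
# Writing through "> $conf" preserves the file's owner and mode.
disable_chargen() {
    conf=$1
    cp -p "$conf" "$conf.bak" || return 1
    sed 's/^\([[:space:]]*chargen[[:space:]]\)/#\1/' "$conf.bak" > "$conf"
}

# Constructed sample resembling a classic inetd.conf (not from a real host).
write_sample_conf() {
    cat > "$1" <<'EOF'
# <service> <socket> <proto> <wait> <user> <server> <args>
echo     stream  tcp  nowait  root  internal
chargen  stream  tcp  nowait  root  internal
chargen  dgram   udp  wait    root  internal
#chargen dgram   udp  wait    root  internal
daytime  stream  tcp  nowait  root  internal
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    write_sample_conf "$tmp"
    echo "active before: $(count_active_chargen "$tmp")"
    disable_chargen "$tmp"
    echo "active after:  $(count_active_chargen "$tmp")"
    rm -f "$tmp" "$tmp.bak"
    # Step 4 on a real host: have inetd re-read its config (it does so on SIGHUP).
}
demo
```

Both the stream (TCP) and dgram (UDP) entries must be commented out; leaving the UDP line active leaves the spoofable service in place.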

Windows: The chargen service is not native to Windows, but may be present. To disable only the chargen service, follow these steps:

  1. Open the registry editor.
  2. Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SimpTcp\Parameters.
  3. Double-click the EnableTcpChargen key to display the DWORD Editor.
  4. Replace the value in the Data field with 0.
  5. Click OK.
  6. Repeat steps 3 through 5 for the EnableUdpChargen key.
  7. To implement your changes, stop and restart the Simple TCP/IP Service.

References:

CERT Advisory CA-96.01, UDP Port Denial-of-Service Attack, http://www.cert.org/advisories/CA-96.01.UDP_service_denial.html

BUGTRAQ Mailing List, Doctor Who (drwho@L0PHT.COM), Lynx/MSIE denial-of-service, http://www.geek-girl.com/bugtraq/1997_1/0264.html

CERT Advisory CA-96.01, UDP Port Denial-of-Service Attack, ftp://info.cert.org/pub/cert_advisories/CA-96.01.UDP_service_denial

