CHARGEN-exploited DDoS attacks use a flawed and outdated testing/debugging protocol that has not been removed from most operating systems. Disabling CHARGEN stops a server from being misused by an attacker.
DIFFICULTY | Basic - 1 | Medium - 2 | Advanced - 3 |
TIME REQUIRED | 15-30 min |
RELATED PRODUCTS | VPS or dedicated servers |
From the cmd prompt (run as Administrator on Windows Server 2012), run:
Response:
SERVICE_NAME: simptcp TYPE : 20 WIN32_SHARE_PROCESS STATE : 3 STOP_PENDING (STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x1 WAIT_HINT : 0x4e20
Then run:
Response:
Access your server via SSH as root.
Locate the following file:
Edit the file to include (add if not there already) under the Environmental options header:
Remember to restart the xinetd service:
You may also find this same line in other files of /etc/xinetd.d/
As CHARGEN can be re-enabled through a simple reversal of these steps a simple malicious script could be used to again open up a server for exploit. Please refer to our other server security articles for steps and tips to reducing the chances of an exploited server.