Facbook Pixel

How to Disable CHARGEN on Your Server

CHARGEN-exploited DDoS attacks use a flawed and outdated testing/debugging protocol that has not been removed from most operating systems. Disabling CHARGEN stops a server from being misused by an attacker.

DIFFICULTYBasic - 1 | Medium - 2 | Advanced - 3
TIME REQUIRED15-30 min
RELATED PRODUCTSVPS or dedicated servers

Windows-based Servers

From the cmd prompt (run as Administrator on Windows Server 2012), run:

sc stop simptcp

Response:

SERVICE_NAME: simptcp TYPE : 20 WIN32_SHARE_PROCESS STATE : 3 STOP_PENDING (STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x1 WAIT_HINT : 0x4e20

Then run:

sc config simptcp start= disabled

Response:

[SC] ChangeServiceConfig SUCCESS

Linux Server

Access your server via SSH as root.

Locate the following file:

/etc/xinetd.d/chargen-stream

Edit the file to include (add if not there already) under the Environmental options header:

enabled = chargen-stream

Remember to restart the xinetd service:

service xinetd restart

You may also find this same line in other files of /etc/xinetd.d/


As CHARGEN can be re-enabled through a simple reversal of these steps a simple malicious script could be used to again open up a server for exploit. Please refer to our other server security articles for steps and tips to reducing the chances of an exploited server.