Character Generator Protocol: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 00:02, 6 April 2024 edit Okterakt (talk \| contribs) Extended confirmed users 606 edits →Abuse: citation needed ← Previous edit		Latest revision as of 20:27, 13 August 2025 edit undo Kvng (talk \| contribs) Extended confirmed users, New page reviewers 116,060 edits m format RFCs
(4 intermediate revisions by 3 users not shown)
Line 3: {{one source\|date=October 2015}} {{Infobox networking protocol \| title = Character Generator Protocol \| logo = \| logo alt = \| image = \| image alt = \| caption = \| is stack = No \| abbreviation = CHARGEN \| purpose = {{Unbulleted list\|Testing\|Debugging\|Measurement}} \| developer = [[Jon Postel]] \| date = {{Start date and age\|1983}} \| based on = \| influenced = \| osilayer = [[Application layer]] (7) \| ports = tcp/19, udp/19 \| rfcs = {{IETF RFC\|864\|plainlink=yes}} \| hardware = }} {{IPstack}} The '''Character Generator Protocol''' ('''CHARGEN''') is a service of the [[Internet Protocol Suite]] defined in {{IETF RFC\|864}} in 1983 by [[Jon Postel]]. It is intended for testing, debugging, and measurement purposes. The protocol is rarely used, as its design flaws allow for ready misuse.<ref>{{Cite web\|url=https://nvd.nist.gov/vuln/detail/CVE-1999-0103\|title=NVD - CVE-1999-0103\|website=nvd.nist.gov\|access-date=2018-02-05}}</ref> Line 128 ⟶ 147: This continues until the TCP connection is closed as shown in the trace by ending the telnet session. == Visual ~~Output~~output ~~Simulation~~simulation == For security reasons, most modern machines should have ~~both Telnet and~~ CHARGEN services disabled. The following is a Linux bash script that will simulate the visual appearance of the CHARGEN service in the terminal window. The script can be stopped by pressing {{Keypress\|Ctrl + \|C}}. <syntaxhighlight lang="bash"> strg=""; for n in {32..126}; do c=`printf '%x' $n \| xxd -r -p`; strg=${strg}${c}; done; strg=${strg}${strg}; n=0; while :; do m=n%95; echo "${strg:m:72}"; n=$((n+1)); sleep .1; done; </syntaxhighlight> ==Abuse== The service was used maliciously to crash [[Microsoft]] [[Name server\|___domain name servers]] (DNS) running [[Windows NT 4.0]] by piping the arbitrary characters straight into the DNS server listening port (<code>telnet ntbox 19 \| telnet ntbox 53</code>).<ref>{{cite web\|url=http://support.microsoft.com/kb/169461\|title=Access Violation in Dns.exe Caused by Malicious Telnet Attack\|date=2006-11-01\|publisher=Support.microsoft.com\|archive-url=https://web.archive.org/web/20140819172557/http://support.microsoft.com/kb/169461\|url-status=live\|accessdate=2009-05-31\|archive-date=2014-08-19}}</ref><ref>{{Cite news\|url=~~http~~https://www.itprotoday.com/security/ms-dns-server-subject-denial-service-attack\|title=MS DNS Server subject to Denial of Service Attack\|date=1997-05-27\|work=IT Pro\|access-date=2018-02-05}}</ref> However, the attack may have been a symptom of improper buffer management on the part of Microsoft's DNS service and not directly related to the CHARGEN service.{{Citation needed\|date=August 2010}} UDP CHARGEN is commonly used in denial-of-service attacks. By using a fake source address the attacker can send bounce traffic off a UDP CHARGEN application to the victim. UDP CHARGEN sends 200 to 1,000 times more data than it receives, depending upon the implementation. This "traffic multiplication" is also attractive to an attacker because it obscures the attacker's IP address from the victim.{{Citation needed\|date=April 2024}} Line 144 ⟶ 163: ==See also== {{Portal\|Internet}} * [[Barber pole#Computer science\|Barber pole]] * [[Echo Protocol]]