Content deleted Content added
m Bot: Migrating 2 interwiki links, now provided by Wikidata on d:q4035618 |
CHARGEN widely used for DoS. No references. |
||
Line 45:
==Abuse==
The service was used maliciously to crash MS DNS servers running Microsoft Windows NT 4.0 by piping the arbitrary characters straight into the DNS server listening port (telnet ntbox 19 | telnet ntbox 53).<ref>{{cite web|url=http://support.microsoft.com/kb/169461 |title=Access Violation in Dns.exe Caused by Malicious Telnet Attack |publisher=Support.microsoft.com |date=2006-11-01 |accessdate=2009-05-31}}</ref> However, the attack was presumably a symptom of improper buffer management on the part of Microsoft's DNS service and not directly related to the CHARGEN service.{{Citation needed|date=August 2010}}
CHARGEN is commonly used in denial of service attacks. By using a fake source address the attacker can send bounce traffic off a UDP CHARGEN application to the victim. CHARGEN sends on average about two hundred times more data than it receives. This "traffic multiplication" is attractive to an attacker. Also attractive is the obscuring of the attacker's IP address from the victim.
CHARGEN was widely implemented on network-connected printers, and as printer firmware is rarely updated there are still many network-connected printers which implement the protocol. Where these are visible to the Internet they are invariably misused as denial of service vectors, as potential attackers often scan networks looking for port 19 CHARGEN sources.
==See also==
| |||