Revision as of 04:21, 28 June 2013 edit Gdt (talk \| contribs) 165 edits →Abuse ← Previous edit		Revision as of 11:43, 14 October 2013 edit undo 193.136.143.130 (talk) No edit summary Next edit →
Line 48: UDP CHARGEN is commonly used in denial of service attacks. By using a fake source address the attacker can send bounce traffic off a UDP CHARGEN application to the victim. UDP CHARGEN sends 200 to 1,000 times times more data than it receives, depending upon the implementation. This "traffic multiplication" is attractive to an attacker. Also attractive is the obscuring of the attacker's IP address from the victim. CHARGEN was widely implemented on network-connected printers, and as printer firmware is rarely updated there are still many network-connected printers which implement the protocol. Where these are visible to the Internet they are invariably misused as denial of service vectors, as potential attackers often scan networks looking for UDP port 19 CHARGEN sources. So notorious is the availability of CHARGEN in printers ~~than~~that some distributed denial of service trojans now use UDP port 19 for their attack traffic. The supposed aim is to throw investigators off the track; to have them looking for old printers rather than subverted computers. A revival in the use of CHARGEN for attack traffic in June 2013 lead Brielle Bruns to comment to the NANOG mailing list, "checks her calendar I for a second worried I might have woken up from a 20 year long dream...."

Character Generator Protocol: Difference between revisions