Content deleted Content added
Clarity that it is the UDP CHARGEN used in DoS attacks. |
Use by Trojans |
||
Line 46:
The service was used maliciously to crash MS DNS servers running Microsoft Windows NT 4.0 by piping the arbitrary characters straight into the DNS server listening port (telnet ntbox 19 | telnet ntbox 53).<ref>{{cite web|url=http://support.microsoft.com/kb/169461 |title=Access Violation in Dns.exe Caused by Malicious Telnet Attack |publisher=Support.microsoft.com |date=2006-11-01 |accessdate=2009-05-31}}</ref> However, the attack was presumably a symptom of improper buffer management on the part of Microsoft's DNS service and not directly related to the CHARGEN service.{{Citation needed|date=August 2010}}
UDP CHARGEN is commonly used in denial of service attacks. By using a fake source address the attacker can send bounce traffic off a UDP CHARGEN application to the victim. UDP CHARGEN sends
CHARGEN was widely implemented on network-connected printers, and as printer firmware is rarely updated there are still many network-connected printers which implement the protocol. Where these are visible to the Internet they are invariably misused as denial of service vectors
So notorious is the availability of CHARGEN in printers than some distributed denial of service trojans now use UDP port 19 for their attack traffic. The supposed aim is to throw investigators off the track; to have them looking for old printers rather than subverted computers.
==See also==
| |||