Character Generator Protocol: Difference between revisions

No edit summary
Bravo315 (talk | contribs)
Added citations, added links to other articles, re-worded an un-cited sentence.
Line 3:
{{one source|date=October 2015}}
{{IPstack}}
The '''Character Generator Protocol''' ('''CHARGEN''') is a service of the [[Internet Protocol Suite]] defined in {{IETF RFC|864}} in 1983 by [[Jon Postel]]. It is intended for testing, debugging, and measurement purposes. The protocol is rarely used, as its design flaws allow ready misuse.<ref>{{Cite web|url=https://nvd.nist.gov/vuln/detail/CVE-1999-0103|title=NVD - CVE-1999-0103|website=nvd.nist.gov|access-date=2018-02-05}}</ref>
 
A host may connect to a server that supports the Character Generator Protocol on either [[Transmission Control Protocol]] (TCP) or [[User Datagram Protocol]] (UDP) [[port number]] 19. Upon opening a TCP connection, the server starts sending arbitrary characters to the connecting host and continues until the host closes the connection. In the UDP implementation of the protocol, the server sends a UDP datagram containing a random number (between 0 and 512) of characters every time it receives a datagram from the connecting host. Any data received by the server is discarded.
Line 54:
 
==Abuse==
The service was used maliciously to crash [[Microsoft]] [[Name server|domain name servers]] (DNS) running [[Windows NT 4.0]] by piping the arbitrary characters straight into the DNS server listening port (telnet ntbox 19 | telnet ntbox 53).<ref>{{cite web|url=http://support.microsoft.com/kb/169461 |title=Access Violation in Dns.exe Caused by Malicious Telnet Attack |last=|first=|date=2006-11-01|website=|publisher=Support.microsoft.com |archive-url=|archive-date=2006-11-01|dead-url=no|accessdate=2009-05-31}}</ref><ref>{{Cite news|url=http://www.itprotoday.com/security/ms-dns-server-subject-denial-service-attack|title=MS DNS Server subject to Denial of Service Attack|date=1997-05-27|work=IT Pro|access-date=2018-02-05}}</ref> However, the attack may have been a symptom of improper buffer management on the part of Microsoft's DNS service and not directly related to the CHARGEN service.{{Citation needed|date=August 2010}}
 
UDP CHARGEN is commonly used in denial-of-service attacks. By using a fake source address, the attacker can bounce traffic off a UDP CHARGEN application to the victim. UDP CHARGEN sends 200 to 1,000 times more data than it receives, depending upon the implementation. This "traffic multiplication" is also attractive to an attacker because it obscures the attacker's IP address from the victim.
 
CHARGEN was widely implemented on network-connected printers. As printer firmware was rarely updated on older models before CHARGEN and other security concerns were known, there may still be many network-connected printers which implement the protocol. Where these are visible to the Internet, they are invariably misused as denial of service vectors. Potential attackers often scan networks looking for UDP port 19 CHARGEN sources.
 
So notorious is the availability of CHARGEN in [[Printer (computing)|printers]] that some [[Denial-of-service attack|distributed denial of service]] trojans now use UDP port 19 for their attack traffic. The supposed aim is to throw investigators off the track; to have them looking for old printers rather than subverted computers.
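
An added example, not part of the article: a defender-side check over flow records that flags hosts replying from UDP port 19 with far more bytes than they received, which is the reflection pattern described in this section. The flow tuple layout, the thresholds, and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

CHARGEN_PORT = 19

# Constructed sample flow records (documentation address ranges), not real traffic:
# (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 4242, "192.0.2.10", 19, "udp", 120),    # requests carrying the victim's address
    ("192.0.2.10", 19, "198.51.100.7", 4242, "udp", 43200),  # printer's replies sent to the victim
    ("192.0.2.50", 5353, "192.0.2.11", 19, "udp", 64),       # one-off internal test
    ("192.0.2.11", 19, "192.0.2.50", 5353, "udp", 74),
    ("192.0.2.12", 19, "203.0.113.9", 7777, "udp", 9000),    # replies seen, requests not captured
    ("192.0.2.50", 50000, "192.0.2.10", 19, "tcp", 500),     # TCP CHARGEN is not a reflection path
]


def find_reflectors(flows, min_ratio=10.0, min_bytes_out=1000):
    """Return CHARGEN responders whose UDP/19 replies dwarf the requests they received."""
    received = defaultdict(int)  # (responder, peer) -> bytes sent to responder:19
    sent = defaultdict(int)      # (responder, peer) -> bytes sent from responder:19
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dport == CHARGEN_PORT:
            received[(dst, src)] += nbytes
        elif sport == CHARGEN_PORT:
            sent[(src, dst)] += nbytes
    findings = []
    for (responder, peer), out_bytes in sorted(sent.items()):
        if out_bytes < min_bytes_out:
            continue  # ignore small exchanges such as a single test datagram
        in_bytes = received.get((responder, peer), 0)
        # One-sided capture: no request seen, so report ratio None instead of dividing by zero.
        ratio = out_bytes / in_bytes if in_bytes else None
        if ratio is None or ratio >= min_ratio:
            findings.append({"responder": responder, "target": peer,
                             "bytes_in": in_bytes, "bytes_out": out_bytes, "ratio": ratio})
    return findings


if __name__ == "__main__":
    for finding in find_reflectors(SAMPLE_FLOWS):
        print(finding)
```

Each responder reported is a host to remove from Internet exposure or to have its CHARGEN service disabled.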
 
==See also==