How to Disable CHARGEN on Your Server

CHARGEN-exploited DDoS attacks are simplistic but effective. Using a flawed and outdated testing/debugging protocol that has not been removed from most operating systems. Disabling CHARGEN will stop a server from being misused by an attacker in their efforts to disrupt another server.

Windows-based Servers

From the cmd prompt (run as Administrator on Windows Server 2012), run:

Response:

SERVICE_NAME: simptcp
TYPE               : 20  WIN32_SHARE_PROCESS
STATE              : 3  STOP_PENDING
(STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE    : 0  (0x0)
SERVICE_EXIT_CODE  : 0  (0x0)
CHECKPOINT         : 0x1
WAIT_HINT          : 0x4e20

Then run:

Response:

Linux Server

Access your server via SSH as root.

Locate the following file:

Edit the file to include (add if not there already) under the Environmental options header:

Remember to restart the xinetd service:

You may also find this same line in other files of /etc/xinetd.d/

As CHARGEN can be re-enabled through a simple reversal of these steps a simple malicious script could be used to again open up a server for exploit. Please refer to our other server security articles for steps and tips to reducing the chances of an exploited server.

• Remove malware from your website
• Patching Your Server