Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-29500 | GEN009140 | SV-38704r1_rule | ECSC-1 | Medium |
Description |
---|
When contacted, chargen responds with some random characters. When contacted via UDP, it will respond with a single UDP packet. When contacted via TCP, it will continue spewing characters until the client closes the connection. An easy attack is 'ping-pong' in which an attacker spoofs a packet between two machines running chargen. This will cause them to spew characters at each other, slowing the machines down and saturating the network. The chargen service is unnecessary and provides an opportunity for Denial of Service attack. |
STIG | Date |
---|---|
AIX 5.3 Security Technical Implementation Guide | 2012-05-25 |
Check Text ( C-37800r1_chk ) |
---|
Check the /etc/inetd.conf file for active TCP and UDP chargen service entries. # grep chargen /etc/inetd.conf |grep -v \# If the chargen service is enabled, this is a finding. |
Fix Text (F-33058r1_fix) |
---|
Edit /etc/inetd.conf and comment out the chargen service line for both udp and tcp protocols. Restart the inetd service. #refresh -s inetd |