
The system must not have the chargen service active.


Overview

Finding ID: V-29500
Version: GEN009140
Rule ID: SV-38704r1_rule
IA Controls: ECSC-1
Severity: Medium
Description
When contacted, chargen responds with some random characters. When contacted via UDP, it will respond with a single UDP packet. When contacted via TCP, it will continue spewing characters until the client closes the connection. An easy attack is 'ping-pong', in which an attacker spoofs a packet between two machines running chargen. This will cause them to spew characters at each other, slowing the machines down and saturating the network. The chargen service is unnecessary and provides an opportunity for a Denial of Service attack.
STIG: AIX 5.3 SECURITY TECHNICAL IMPLEMENTATION GUIDE
Date: 2014-10-03

Details

Check Text (C-37800r1_chk)
Check the /etc/inetd.conf file for active TCP and UDP chargen service entries.

# grep chargen /etc/inetd.conf | grep -v \#

If the chargen service is enabled, this is a finding.
Fix Text (F-33058r1_fix)
Edit /etc/inetd.conf and comment out the chargen service line for both udp and tcp protocols.

Restart the inetd service.

# refresh -s inetd
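
The check and fix above can be verified with a field-aware audit, shown here as an added example that is not part of the STIG text. Because grep -v \# drops every line containing a '#', the check command would skip an active entry that carries a trailing comment; this version matches on the service-name field and reports the protocol so both tcp and udp can be confirmed. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the STIG text.

# Write a constructed sample inetd.conf (not from a real host) to path $1.
write_sample() {
    cat > "$1" <<'EOF'
## constructed sample inetd.conf
#chargen  stream  tcp   nowait  root  internal
chargen   dgram   udp   wait    root  internal   # re-enabled for testing
chargen   stream  tcp6  nowait  root  internal
echo      stream  tcp   nowait  root  internal
#daytime  dgram   udp   wait    root  internal
EOF
}

# Print "<protocol> <socket type>" for every active chargen entry in file $1.
# Assumption: an entry is active whenever its first field is exactly
# "chargen"; text from the first '#' to end of line is ignored.
active_chargen() {
    awk '{ sub(/#.*/, "") }                      # drop comments, whole or trailing
         $1 == "chargen" && NF >= 3 { print $3, $2 }' "$1"
}

# Exit status 0 means the service is enabled (a finding), 1 means it is not.
is_finding() {
    [ -n "$(active_chargen "$1")" ]
}

# Demo on the constructed sample; point the functions at /etc/inetd.conf on a host.
sample="${TMPDIR:-/tmp}/inetd.sample.$$"
write_sample "$sample"
active_chargen "$sample"
if is_finding "$sample"; then echo "FINDING: chargen is enabled"; fi
rm -f "$sample"
```

After commenting out the entries and refreshing inetd, is_finding should return non-zero for /etc/inetd.conf.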