On Wed, Feb 26, 2014 at 11:09 PM, Randy Bush <randy@psg.com> wrote:
> I only ran the scan once, but had ~130k devices respond. is there any modern utility in chargen?

Do ne'er-do-wells hitting IRC users with "DCC CHAT" requests targeted to trick the victim into connecting to port 19/tcp count as a modern use? I remember that was a dirty trick in the late '90s that would today be called a DoS, since the result was to crash desktop chat software -- nonetheless, it's the only thing I heard of anyone using chargen for until recently.

Well, if you enable chargen on a large number of hosts and directed broadcasts, an artificially created chargen storm could be one way to stress-test a WAN link, or to help validate QoS prioritization.

Chargen's supposed to be a useful measurement and debugging tool for developing a TCP/IP stack. I think it has little use nowadays, and there are some more sophisticated tools around today.

I would say chargen may have some utility, but it should not be a service turned on, provided, or offered outside the secure confines of a testing lab.

In other words: chargen for testing in a lab, sure. Chargen on production devices, when connected to the public internet: bad idea.

--
-JH