26 Feb
2014
26 Feb
'14
5:48 p.m.
On 2/26/2014 5:33 PM, Valdis.Kletnieks@vt.edu wrote:
On Wed, 26 Feb 2014 11:44:55 -0600, Brandon Galbraith said:
Blocking chargen at the edge doesn't seem to be outside of the realm of possibilities. What systems are (a) still have chargen enabled and (b) common enough to make it a viable DDoS vector? Just wondering if I need to go around and find users of mine that need to be smacked around with a large trout.... I would do it. I scanned all my public and private networks and found a few. I've added it to our customer acls to stop it. There were also a couple of internal routers that someone had turned or left it on that were missed. Those are now fixed.
nmap -T4 -oG chargen_scan.txt -sS -sU -p 19 <your netblocks here>