How to Disable CHARGEN on Your Server

CHARGEN-exploited DDoS attacks are simplistic but effective. Using a flawed and outdated testing/debugging protocol that has not been removed from most operating systems. Disabling CHARGEN will stop a server from being misused by an attacker in their efforts to disrupt another server.

DIFFICULTY Basic - 1 | Medium - 2 | Advanced - 3
TIME REQUIRED 15-30 min
RELATED PRODUCTS VPS or dedicated servers

Windows-based Servers

From the cmd prompt (run as Administrator on Windows Server 2012), run:

sc stop simptcp

Response:

SERVICE_NAME: simptcp
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 3  STOP_PENDING
                                (STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x1
        WAIT_HINT          : 0x4e20

Then run:

sc config simptcp start= disabled

Response:

[SC] ChangeServiceConfig SUCCESS

Linux Server

Access your server via SSH as root.

Locate the following file:

/etc/xinetd.d/chargen-stream

Edit the file to include (add if not there already) under the Environmental options header:

enabled = chargen-stream

Remember to restart the xinetd service:

service xinetd restart

You may also find this same line in other files of /etc/xinetd.d/


As CHARGEN can be re-enabled through a simple reversal of these steps a simple malicious script could be used to again open up a server for exploit. Please refer to our other server security articles for steps and tips to reducing the chances of an exploited server.


Hjalp denne artikel?
Tak for din feedback.
Det glæder os, at vi kunne hjælpe! Er der andet, vi kan gøre for dig?
Beklager. Er der andet, vi kan gøre for at hjælpe dig?