[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

chargen is the new DDoS tool?

Subject: chargen is the new DDoS tool?
From: mysidia at gmail.com (Jimmy Hess)
Date: Tue, 11 Jun 2013 18:09:39 -0500
In-reply-to: <[email protected]>
References: <[email protected]> <1202BE242E080642B0CD0AD0A03E8552C88F17@PGH-MSGMB-03.andrew.ad.cmu.edu> <[email protected]>

On 6/11/13, Justin M. Streiner <streiner at cluebyfour.org> wrote:
> Other than providing another DDoS vector, I'm not aware of any legitimate
> reason to keep these services running and accessible.  As always, YMMV.

They are useful for troubleshooting and diagnostic purposes.   Just be
sure to limit the maximum possible response rate and bandwidth for any
source network,   and be sure to truncate the length of the response
to the length of the original query,  so they cannot be used for
amplification.   If you can't do that, then shut them off :)

The risk that they be used to DoS the server that runs those services remains.

> jms
--
-JH

References:
- chargen is the new DDoS tool?
  - From: berni at birkenwald.de (Bernhard Schmidt)
- chargen is the new DDoS tool?
  - From: vladg at cmu.edu (Vlad Grigorescu)
- chargen is the new DDoS tool?
  - From: streiner at cluebyfour.org (Justin M. Streiner)

Prev by Date: IANA AS Numbers registry update
Next by Date: Mechanics of CALEA taps
Previous by thread: chargen is the new DDoS tool?
Next by thread: chargen is the new DDoS tool?
Index(es):
- Date
- Thread