4.1.5.2 chargen

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

This entry starts the chargen service when required. This service is used to test the integrity of TCP/IP packets arriving at the destination.

Rationale:

This chargen service is a character generator service and is used for testing the integrity of TCP/IP packets arriving at the destination. An attacker may spoof packets between machines running the chargen service and thus provide an opportunity for DoS attacks. You must disable this service unless you are testing your network.

Solution

In /etc/inetd.conf, comment out the chargen entry and refresh the inetd process:

chsubserver -r inetd -C /etc/inetd.conf -d -v 'chargen' -p udp
lssrc -s inetd && refresh -s inetd

Default Value:

Disabled

See Also

https://workbench.cisecurity.org/benchmarks/7851