Filter NTP traffic by packet size?
Jimmy Hess
mysidia at gmail.com
Thu Feb 27 06:06:44 UTC 2014
On Wed, Feb 26, 2014 at 11:09 PM, Randy Bush <randy at psg.com> wrote:
> > I only ran the scan once, but had ~130k devices respond.
> is there any modern utility in chargen?
>
Does ne'er-do-wells hitting IRC users with "DCC CHAT" requests targeted to
trick the victim into connecting to port 19/tcp count as a modern use?
I remember, that was a dirty trick in the late '90s, that would today be
called a DoS, since the result was to crash desktop chat software -----
nonetheless, it's the only thing I heard of anyone using chargen for until
recently.
Well, if you enable chargen on a large number of hosts and directed
broadcasts: an artificially created chargen storm could be one way to
stress-test a WAN link, or to help validate QoS prioritization.
Chargen's supposed to be a useful measurement and debugging tool, for
developing a TCP/IP stack. I think it has little use nowadays, and
there are some more sophisticated tools around today.
I would say chargen may have some utility, but it should not be a service
turned on, provided, or offered outside the secure confines of a testing
lab.
In other words: chargen for testing in a lab, sure.
Chargen on production devices, when connected to the public internet: bad
idea
--
-JH