[Micronet] Disable the chargen service on your hosts
-----BEGIN PGP SIGNED MESSAGE-----
Due to recent security incidents involving the abuse of the "chargen"
service running on (19/udp), we are asking campus administrators to
*immediately disable chargen services* on all campus hosts, or at a
minimum, block Internet access to UDP port 19 using firewalls. There
are few if any legitimate uses for this service, and as required by
campus MSSND, unnecessary services should be removed:
The chargen service is part of "Simple TCP/IP services" on Windows
Servers and "udp-small-servers" on Cisco IOS devices, so check to make
sure these services are not enabled. The chargen service is also
frequently enabled on printers and other multifunction devices so if
you administer these devices please check your configuration.
It's a good opportunity to check for any other unnecessary services
which may be running on your devices. Abuse of the chargen service is
an example of why this minimum security standard is important -- a
service that seems harmless may be still exploited by attackers.
If anyone has a legitimate use case for chargen, please let us know.
If the service cannot be disabled it should at least be blocked from
the public Internet. For more information on chargen see:
As a reminder, discussion of sensitive IT security issues on campus
takes place on this private list. If you have an IT job function or IT
management responsibilities, please subscribe.
Security Operations Manager
Information Security and Policy Office
University of California, Berkeley
http://security.berkeley.edu -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet. This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.