[169448] in North American Network Operators' Group
Re: Filter NTP traffic by packet size?
daemon@ATHENA.MIT.EDU (Jimmy Hess)
Thu Feb 27 01:07:31 2014
In-Reply-To: <m2mwhdi1k4.wl%randy@psg.com>
From: Jimmy Hess <mysidia@gmail.com>
Date: Thu, 27 Feb 2014 00:06:44 -0600
To: Randy Bush <randy@psg.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Feb 26, 2014 at 11:09 PM, Randy Bush <randy@psg.com> wrote:
> > I only ran the scan once, but had ~130k devices respond.
> is there any modern utility in chargen?
>
Does ne'er-do-wells hitting IRC users with "DCC CHAT" requests targeted to
trick the victim into connecting to port 19/tcp count as a modern use?
I remember, that was a dirty trick in the late '90s, that would today be
called a DoS, since the result was to crash desktop chat software -----
nonetheless, it's the only thing I heard of anyone using chargen for until
recently.
Well, if you enable chargen on a large number of hostst and directed
broadcasts: an artificially created chargen storm could be one way to
stres-test a WAN link, or to help validate QoS prioritization.
Chargen's supposed to be a useful measurement and debugging tool, for
developing a TCP/IP stack. I think it has little use nowadays, and
there are some more sophisticated tools around today.
I would say chargen may have some utility, but it should not be a service
turned on, provided, or offered outside the secure confines of a testing
lab.
In other words: chargen for testeing in a lab, sure.
Chargen on production devices, when connected to the public internet: bad
idea
--
-JH
