The Full Wiki

CHARGEN: Wikis

Advertisements
  

Note: Many of our articles have direct quotes from sources you can cite, within the Wikipedia article! This article doesn't yet, but we're working on it! See more info or our list of citable articles.

Encyclopedia

From Wikipedia, the free encyclopedia

The Internet Protocol Suite
Application Layer
BGP · DHCP · DNS · FTP · GTP · HTTP · IMAP · IRC · Megaco · MGCP · NNTP · NTP · POP · RIP · RPC · RTP · RTSP · SDP · SIP · SMTP · SNMP · SOAP · SSH · Telnet · TLS/SSL · XMPP · (more)
Transport Layer
TCP · UDP · DCCP · SCTP · RSVP · ECN · (more)
Internet Layer
IP (IPv4, IPv6) · ICMP · ICMPv6 · IGMP · IPsec · (more)
Link Layer
ARP/InARP · NDP · OSPF · Tunnels (L2TP) · PPP · Media Access Control (Ethernet, DSL, ISDN, FDDI) · (more)

The CHARGEN (character generator) service is an internet protocol defined in RFC 864. It is intended for testing and measurement purposes.

A host may connect to a server that supports the CHARGEN protocol, on either TCP or UDP port 19. Upon opening a TCP connection, the server starts sending arbitrary characters to the connecting host and continues until the host closes the connection. In the UDP version of the protocol, the server sends a UDP packet containing a random number (between 0 and 512) of characters every time it receives a UDP packet from the connecting host. Any data received by the server is thrown away.

Contents

Inetd implementation of CHARGEN

On Linux, FreeBSD, and other UNIX-like operating systems a chargen server is built into the inetd daemon. The chargen service is usually not enabled by default. It may be enabled by adding the following lines to the file /etc/inetd.conf and telling inetd to reload its configuration:

chargen   stream  tcp     nowait  root    internal
chargen   dgram   udp     wait    root    internal

Examples of use

  • As a source of generic byte-stream payload for debugging TCP and/or UDP based network code for proper bounds checking and buffer management.
  • Can also be a source of generic payload for bandwidth measurement and/or QoS fine-tuning. Although consideration must be given if hardware compression is active, as the output from chargen is easily and efficiently compressed. This compression can cause bandwidth tests to report the size of the data after decompression, instead of the actual amount of data which passed along the wire. (Eg. 5Gb of actual data transferred may decompress to as much as 9..10Gb)

A sample session

A typical CHARGEN session looks like this: first the user connects to the host using a telnet client.

$ telnet localhost chargen
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

What follows is a stream of bytes. Although the precise format of the output is not prescribed by RFC 864, the recommended pattern (and a de-facto standard) is shifted lines of 72 ASCII characters repeating:

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefgh
"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghi
#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghij
$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijk
%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijkl
&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklm
'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmn
()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmno
)*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnop
*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopq
+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqr
,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrs
-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrst
./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstu
/0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuv

This goes on until the client quits.

^]
telnet> quit
Connection closed.

Abuse

  • Was used maliciously to crash MS DNS servers running Microsoft Windows NT 4.0 by piping the arbitrary characters straight into the port the DNS server listens on (telnet ntbox 19 | telnet ntbox 53).[1] However, the attack was presumably a symptom of improper buffer management on the part of Microsoft's DNS service and not directly related to the CHARGEN service.

See also

References

External links

  • The Character Generator Protocol (RFC 864)
Advertisements

Advertisements






Got something to say? Make a comment.
Your name
Your email address
Message