Check: GEN009140
AIX 5.3 STIG:
GEN009140
(in version v1 r3)
Title
The system must not have the chargen service active. (Cat II impact)
Discussion
When contacted, chargen responds with some random characters. When contacted via UDP, it responds with a single UDP packet. When contacted via TCP, it continues spewing characters until the client closes the connection. An easy attack is 'ping-pong', in which an attacker spoofs a packet between two machines running chargen. This causes them to spew characters at each other, slowing the machines down and saturating the network. The chargen service is unnecessary and provides an opportunity for a Denial of Service attack.
Check Content
Check the /etc/inetd.conf file for active TCP and UDP chargen service entries:

# grep chargen /etc/inetd.conf | grep -v \#

If the chargen service is enabled, this is a finding.
Fix Text
Edit /etc/inetd.conf and comment out the chargen service lines for both the udp and tcp protocols. Restart the inetd service:

# refresh -s inetd
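The check and fix above, as an added example that is not part of the STIG text: a POSIX shell script that runs the grep-based check against an inetd.conf file and comments out any active chargen lines. It differs from the STIG's `grep -v \#` in that it only treats a leading `#` as a comment, so a line with a trailing comment is still caught. The sample inetd.conf is constructed here so the script runs offline; the function names are my own.

```shell
#!/bin/sh
# Constructed sample of an inetd.conf (not a real AIX file): one commented
# chargen line, one still-active udp chargen line, and an unrelated service.
SAMPLE_INETD_CONF="${TMPDIR:-/tmp}/inetd.conf.sample.$$"
cat > "$SAMPLE_INETD_CONF" <<'EOF'
## service socket protocol wait/nowait user server args
#chargen stream tcp nowait root internal
chargen  dgram  udp wait   root internal
daytime  stream tcp nowait root internal
EOF

# Print the active (uncommented) chargen entries in an inetd.conf.
# Exit status 0 means at least one is active (a finding), 1 means none.
chargen_active() {
    conf="${1:-/etc/inetd.conf}"
    grep chargen "$conf" | grep -v '^[[:space:]]*#'
}

# Echo the number of active chargen entries (0 when the file is clean).
count_active_chargen() {
    conf="${1:-/etc/inetd.conf}"
    grep chargen "$conf" | grep -v '^[[:space:]]*#' | grep -c . || true
}

# Remediation mirroring the Fix Text: comment out every active chargen line
# of $1 and write the result to $2 (restart inetd afterwards on a real host).
disable_chargen() {
    src="$1"; dst="$2"
    sed 's/^\([[:space:]]*chargen\)/#\1/' "$src" > "$dst"
}

# Stand-alone run against the constructed sample.
if chargen_active "$SAMPLE_INETD_CONF"; then
    echo "Finding: active chargen entry present (see line above)"
    disable_chargen "$SAMPLE_INETD_CONF" "$SAMPLE_INETD_CONF.fixed"
    echo "After fix: $(count_active_chargen "$SAMPLE_INETD_CONF.fixed") active"
fi
```

On a live AIX host, run `chargen_active` with no argument to check /etc/inetd.conf and follow any change with `refresh -s inetd`.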
Additional Identifiers
Rule ID: SV-38704r1_rule
Vulnerability ID: V-29500
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001436 | The organization disables organization-defined networking protocols within the information system deemed to be nonsecure except for explicitly identified components in support of specific operational requirements. |
Controls
Number | Title |
---|---|
No controls are assigned to this check | |