How to Disable CHARGEN on Your Server

CHARGEN-exploited DDoS attacks use a flawed and outdated testing/debugging protocol that has not been removed from most operating systems. Disabling CHARGEN stops a server from being misused by an attacker.

DIFFICULTY Basic - 1 | Medium - 2 | Advanced - 3
TIME REQUIRED 15-30 min
RELATED PRODUCTS VPS or dedicated servers

Windows-based Servers

From the cmd prompt (run as Administrator on Windows Server 2012), run:

sc stop simptcp

Response:

SERVICE_NAME: simptcp
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 3  STOP_PENDING
                                (STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x1
        WAIT_HINT          : 0x4e20

Then run:

sc config simptcp start= disabled

Response:

[SC] ChangeServiceConfig SUCCESS

Linux Server

Access your server via SSH as root.

Locate the following file:

/etc/xinetd.d/chargen-stream

Edit the file to include (add if not there already) under the Environmental options header:

enabled = chargen-stream

Remember to restart the xinetd service:

service xinetd restart

You may also find this same line in other files of /etc/xinetd.d/


As CHARGEN can be re-enabled through a simple reversal of these steps a simple malicious script could be used to again open up a server for exploit. Please refer to our other server security articles for steps and tips to reducing the chances of an exploited server.