X
NMS Prime
Stay informed. No spam. Just content. This is our promise.
I agree to the privacy terms. I can unsubscribe at any time.
X
Thank You!
X
NMS PRIME - Konferenz
Anzahl der Teilnehmer:
Datenschutz gelesen und akzeptiert
X
Vielen Dank!
X Sign up to comment and create new topics
Skip to end of metadata
Go to start of metadata

Cisco IOS provide "small services" and the service "chargen" is one of them.

Chargen, meaning Character Generator Protocol, is used for testing and debugging.
This service can be used to create DDoS-Reflection-Attacks. There it is a good idea to disable the service/close the port 19, which the service uses.

If your CMTS has this ports open by default depends on the IOS version. In IOS12 and later these services are disabled by default, but earlier versions may have it open.

Use the following command on your pc to see if your cmts has port 19 open:

as root
# for tcp
nmap ip.of.your.cmts -p 19
# for udp
nmap -sU ip.of.your.cmts -p 19

If any of these print port 19 as open, go to your CMTS and use the following commands:

# login, enable and then use:
conf t
no service tcp-small-servers
no service udp-small-servers
end

Now your CMTS is a bit more secure.

Link for reference: https://www.stigviewer.com/stig/infrastructure_l3_switch_secure_technical_implementation_guide_-_cisco/2016-07-07/finding/V-3078

Most Popular Post
There are no posts on the topic yet!!