Character Generator Protocol

On most Unix-like operating systems, a CHARGEN server is built into the inetd or xinetd daemon. The CHARGEN service is usually not enabled by default. It may be enabled by adding the following lines to the file {{mono|/etc/inetd.conf}} and telling inetd to reload its configuration:

chargen stream tcp nowait root internal

chargen dgram udp wait root internal

The CHARGEN service may be used as a source of a byte-stream for debugging TCP network code for proper bounds checking and buffer management. It may also be a source of generic payload for bandwidth measurement and/or QoS fine-tuning.{{Citation needed|date=August 2010}} Consideration must be given if hardware compression is active, as the output from the CHARGEN service is easily and efficiently compressed. This compression can cause bandwidth tests to report the size of the data after decompression, instead of the actual amount of data which passed the wire.

A typical CHARGEN service session looks like this: The user connects to the host using a telnet client.

The user receives a stream of bytes. Although the specific format of the output is not prescribed by {{IETF RFC|864}}, the recommended pattern (and a de facto standard) is shifted lines of 72 ASCII characters repeating.

$ telnet localhost chargen
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefgh
"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghi

$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghij

$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijk
%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijkl
&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklm
'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmn
()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmno
)*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnop

+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopq

+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqr
,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrs
-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrst
./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstu
/0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuv
0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvw
123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwx
23456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxy
3456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{
56789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
6789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{

789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
}

89:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{
 !

9:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
} !"

:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{
 !"#

;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
} !"#$

<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{
 !"#$%

=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
} !"#$%&

>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{
 !"#$%&'

?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
} !"#$%&'(

@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{
 !"#$%&'()

ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
} !"#$%&'()*

BCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{
 !"#$%&'()*+

CDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
} !"#$%&'()*+,

DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{
 !"#$%&'()*+,-

EFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
} !"#$%&'()*+,-.

FGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{
 !"#$%&'()*+,-./

GHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
} !"#$%&'()*+,-./0

HIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{
 !"#$%&'()*+,-./01

IJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
} !"#$%&'()*+,-./012

JKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{
 !"#$%&'()*+,-./0123

KLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
} !"#$%&'()*+,-./01234

LMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{
 !"#$%&'()*+,-./012345

MNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
} !"#$%&'()*+,-./0123456

NOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{
 !"#$%&'()*+,-./01234567

OPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
} !"#$%&'()*+,-./012345678

PQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{
 !"#$%&'()*+,-./0123456789

QRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
} !"#$%&'()*+,-./0123456789:

RSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{
 !"#$%&'()*+,-./0123456789:;

STUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
} !"#$%&'()*+,-./0123456789:;<

TUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{
 !"#$%&'()*+,-./0123456789:;<=

UVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
} !"#$%&'()*+,-./0123456789:;<=>

VWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{
 !"#$%&'()*+,-./0123456789:;<=>?

WXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
} !"#$%&'()*+,-./0123456789:;<=>?@

XYZ[\]^_`abcdefghijklmnopqrstuvwxyz{
 !"#$%&'()*+,-./0123456789:;<=>?@A

YZ[\]^_`abcdefghijklmnopqrstuvwxyz
} !"#$%&'()*+,-./0123456789:;<=>?@AB

Z[\]^_`abcdefghijklmnopqrstuvwxyz{
 !"#$%&'()*+,-./0123456789:;<=>?@ABC

[\]^_`abcdefghijklmnopqrstuvwxyz
} !"#$%&'()*+,-./0123456789:;<=>?@ABCD

\]^_`abcdefghijklmnopqrstuvwxyz{
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDE

]^_`abcdefghijklmnopqrstuvwxyz
} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEF

^_`abcdefghijklmnopqrstuvwxyz{
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFG

_`abcdefghijklmnopqrstuvwxyz
} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGH

`abcdefghijklmnopqrstuvwxyz{
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHI

abcdefghijklmnopqrstuvwxyz
} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJ

bcdefghijklmnopqrstuvwxyz{
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJK

cdefghijklmnopqrstuvwxyz
} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKL

defghijklmnopqrstuvwxyz{
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLM

efghijklmnopqrstuvwxyz
} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMN

fghijklmnopqrstuvwxyz{
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNO

ghijklmnopqrstuvwxyz
} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOP

hijklmnopqrstuvwxyz{
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQ

ijklmnopqrstuvwxyz
} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQR

jklmnopqrstuvwxyz{
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRS

klmnopqrstuvwxyz
} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRST

lmnopqrstuvwxyz{
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTU

mnopqrstuvwxyz
} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUV

nopqrstuvwxyz{
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVW

opqrstuvwxyz
} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWX

pqrstuvwxyz{
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXY

qrstuvwxyz
} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ

rstuvwxyz{
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[

stuvwxyz
} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\

tuvwxyz{
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]

uvwxyz
} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^

vwxyz{
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_

wxyz
} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`

xyz{
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`a

yz
} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ab

z{
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abc

} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcd
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcde

} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdef
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefgh
"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghi
^]
telnet> quit
Connection closed.

This continues until the TCP connection is closed as shown in the trace by ending the telnet session.

For security reasons, most modern machines should have CHARGEN services disabled. The following is a Linux bash script that will simulate the visual appearance of the CHARGEN service in the terminal window. The script can be stopped by pressing Ctrl + C.

strg=""; for n in {32..126}; do c=`printf '%x' $n | xxd -r -p`; strg=${strg}${c}; done; strg=${strg}${strg}; n=0; while :; do m=n%95; echo "${strg:m:72}"; n=$((n+1)); sleep .1; done;

The service was used maliciously to crash Microsoft domain name servers (DNS) running Windows NT 4.0 by piping the arbitrary characters straight into the DNS server listening port (telnet ntbox 19 | telnet ntbox 53).{{cite web|url=http://support.microsoft.com/kb/169461|title=Access Violation in Dns.exe Caused by Malicious Telnet Attack|date=2006-11-01|publisher=Support.microsoft.com|archive-url=https://web.archive.org/web/20140819172557/http://support.microsoft.com/kb/169461|url-status=live|accessdate=2009-05-31|archive-date=2014-08-19}}{{Cite news|url=http://www.itprotoday.com/security/ms-dns-server-subject-denial-service-attack|title=MS DNS Server subject to Denial of Service Attack|date=1997-05-27|work=IT Pro|access-date=2018-02-05}} However, the attack may have been a symptom of improper buffer management on the part of Microsoft's DNS service and not directly related to the CHARGEN service.{{Citation needed|date=August 2010}}

UDP CHARGEN is commonly used in denial-of-service attacks. By using a fake source address the attacker can send bounce traffic off a UDP CHARGEN application to the victim. UDP CHARGEN sends 200 to 1,000 times more data than it receives, depending upon the implementation. This "traffic multiplication" is also attractive to an attacker because it obscures the attacker's IP address from the victim.{{Citation needed|date=April 2024}}

CHARGEN was widely implemented on network-connected printers. As printer firmware was rarely updated on older models before CHARGEN and other security concerns were known, there may still be many network-connected printers which implement the protocol. Where these are visible to the Internet, they are invariably misused as denial of service vectors. Potential attackers often scan networks looking for UDP port 19 CHARGEN sources.

So notorious is the availability of CHARGEN in printers that some distributed denial of service trojans now use UDP port 19 for their attack traffic. The supposed aim is to throw investigators off the track; to have them looking for old printers rather than subverted computers.{{Citation needed|date=April 2024}}

{{Portal|Internet}}

• Barber pole
• Echo Protocol
• Discard Protocol
• QOTD
• Daytime Protocol
• Time Protocol

{{Reflist}}

Category:Application layer protocols

Category:Filler text

Category:Telnet