MEDIUM: Open CharGen Report

DESCRIPTION LAST UPDATED: 2023-12-07

DEFAULT SEVERITY LEVEL: MEDIUM

This report identifies hosts that have the CharGen service running and accessible on the Internet.

These services have the potential to be used in amplification attacks by criminals that wish to perform denial of service attacks.

The service is tested by sending a UDP packet containing a single carriage return to UDP port 19.

You can track current CharGen exposure on our Dashboard.

Severity levels are described here.

For more information on our scanning efforts, check out our Internet scanning summary page.

Filename(s): scan_chargen

Fields

timestamp

Time that the IP was probed in UTC+0
severity

Severity level
ip

The IP address of the device in question
protocol

Protocol that the DNS response came on (usually UDP)
port

Port that the CharGen response came from
hostname

Reverse DNS name of the device in question
tag

Will always be chargen
asn

ASN of where the device in question resides
geo

Country where the device in question resides
region

State / Province / Administrative region where the device in question resides
city

City in which the device in question resides
naics

North American Industry Classification System Code
hostname_source

Hostname source
sector

Sector the device belongs to
response_size

Response size in bytes
amplification

Describes the amplification factor

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","hostname_source","sector","response_size","amplification"
"2010-02-10 00:00:00",medium,192.168.0.1,udp,19,node01.example.com,chargen,64512,ZZ,Region,City,0,,,4334,4334.00
"2010-02-10 00:00:01",medium,192.168.0.2,udp,19,node02.example.com,chargen,64512,ZZ,Region,City,0,,,6123,6123.00
"2010-02-10 00:00:02",medium,192.168.0.3,udp,19,node03.example.com,chargen,64512,ZZ,Region,City,0,,,74,74.00

Our 135 Report Types

« Back to Network Reporting