An Analysis of DrDoS SNMP/NTP/CHARGEN Reflection Attacks

An-Analysis-of-DrDoS-SNMP-NTP-CH.pdf

<div>
I have read that you can disable the chargen service, but I don't know how. &nbsp;I read this on a website...<br />
<br />
Disable Echo, Chargen and discard<br />
&nbsp; &nbsp; &nbsp;no service tcp-small-servers<br />
&nbsp; &nbsp; &nbsp;no service udp-small-servers<br />
<br />
But these commands do not work on our ASA. &nbsp;Does anyone know if there is a way to disable the Chargen service on an ASA 5510?
</div>


I have read that you can disable the chargen service, but I don't know how.  I read this on a website...

Disable Echo, Chargen and discard
     no service tcp-small-servers
     no service udp-small-servers

But these commands do not work on our ASA.  Does anyone know if there is a way to disable the Chargen service on an ASA 5510?

<div>
We have contacted our ISP. &nbsp;We were also able to track down who launched the attack and unfortunately a 17 year old boy will be getting a visit from law enforcement. &nbsp;He probably thought it was a cute joke to play, but now it will bring him trouble. &nbsp;Oh well, maybe it will deter him from getting into even more trouble in the future.
</div>


We have contacted our ISP.  We were also able to track down who launched the attack and unfortunately a 17 year old boy will be getting a visit from law enforcement.  He probably thought it was a cute joke to play, but now it will bring him trouble.  Oh well, maybe it will deter him from getting into even more trouble in the future.

<div>
<div class="content wysiwyg-content">
Our organization is getting hit by Chargen DrDoS attacks. &nbsp;We tried blocking port 19, but that did not help. &nbsp;We have an ASA 5510, what do we need to do to stop this?
</div>
</div>


Our organization is getting hit by Chargen DrDoS attacks.  We tried blocking port 19, but that did not help.  We have an ASA 5510, what do we need to do to stop this?

How to block a Chargen DrDoS attack?

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.