[Snort-sigs] SID 271

Jon Hart jhart at ...289...
Thu Feb 7 18:18:03 EST 2002


> Rule:  
> alert udp any 19 <> $HOME_NET 7 (msg:"DOS UDP Bomb";
> classtype:attempted-dos; sid:271; rev:1;) 

I'd also vote for a more descriptive message:

alert udp any 19 <> $HOME_NET 7 (msg:"DOS UDP echo+chargen Bomb"; \
classtype:attempted-dos; sid:271; rev:2;) 

-jon







More information about the Snort-sigs mailing list