[Snort-sigs] TCP/UDP "trivial" ports?

Castle, Shane scastle at ...3555...
Tue Apr 23 14:35:27 EDT 2013

I see that using the chargen port for DDoS is happening: https://isc.sans.edu/diary/A+Chargen-based+DDoS+Chargen+is+still+a+thing+/15647 

Now, I block all these both ways at my firewall (actually, on the outside, I think they are in a router ACL), but looking through the complete set of rules I don't see anything but one ("DOS UDP echo+chargen bomb", sid 271) that seems to address this port range of the TCP and UDP "trivial" (AKA "simple") ports. Has there ever been one? Should we have one?

Shane Castle
Data Security Mgr, Boulder County IT
