[Snort-sigs] TCP/UDP "trivial" ports?

Castle, Shane scastle at ...3555...
Tue Apr 23 14:35:27 EDT 2013


I see that using the chargen port for DDoS is happening: https://isc.sans.edu/diary/A+Chargen-based+DDoS+Chargen+is+still+a+thing+/15647 

Now, I block all these both ways at my firewall (actually, on the outside, I think they are in a router ACL), but looking through the complete set of rules I don't see anything but one ("DOS UDP echo+chargen bomb", sid 271) that seems to address this port range of the TCP and UDP "trivial" (AKA "simple") ports. Has there ever been one? Should we have one?

-- 
Shane Castle
Data Security Mgr, Boulder County IT





