[Snort-sigs] TCP/UDP "trivial" ports?
scastle at ...3555...
Tue Apr 23 14:35:27 EDT 2013
I see that using the chargen port for DDoS is happening: https://isc.sans.edu/diary/A+Chargen-based+DDoS+Chargen+is+still+a+thing+/15647
Now, I block all these both ways at my firewall (actually, on the outside, I think they are in a router ACL), but looking through the complete set of rules I don't see anything but one ("DOS UDP echo+chargen bomb",sid 271) that seems to address this port range of the TCP and UDP "trivial" (AKA "simple") ports. Has there ever been one? Should we have one?
Data Security Mgr, Boulder County IT
More information about the Snort-sigs