[Snort-sigs] [Emerging-Sigs] TCP/UDP "trivial" ports?
william.metcalf at ...2420...
Tue Apr 23 15:29:26 EDT 2013
UDP sig with threshold might be interesting... Will be expensive though.
What do you guys think?
On Tue, Apr 23, 2013 at 1:35 PM, Castle, Shane <scastle at ...3555...> wrote:
> I see that using the chargen port for DDoS is happening:
> Now, I block all these both ways at my firewall (actually, on the outside,
> I think they are in a router ACL), but looking through the complete set of
> rules I don't see anything but one ("DOS UDP echo+chargen bomb", sid 271)
> that seems to address this port range of the TCP and UDP "trivial" (AKA
> "simple") ports. Has there ever been one? Should we have one?
> Shane Castle
> Data Security Mgr, Boulder County IT