
List:       snort-sigs
Subject:    [Snort-sigs] TCP/UDP "trivial" ports?
From:       "Castle, Shane" <scastle () bouldercounty ! org>
Date:       2013-04-23 18:35:27
Message-ID: 21DD7C64179C9843B756C6DD491634DB5C8D583C () Mailbox1 ! boco ! co ! boulder ! co ! us

I see that using the chargen port for DDoS is happening:
https://isc.sans.edu/diary/A+Chargen-based+DDoS+Chargen+is+still+a+thing+/15647

Now, I block all these both ways at my firewall (actually, on the outside, I think
they are in a router ACL), but looking through the complete set of rules I don't see
anything but one ("DOS UDP echo+chargen bomb", sid 271) that seems to address this
port range of the TCP and UDP "trivial" (AKA "simple") ports. Has there ever been
one? Should we have one?

-- 
Shane Castle
Data Security Mgr, Boulder County IT


