Home page logo

snort logo Snort mailing list archives

TCP/UDP "trivial" ports?
From: "Castle, Shane" <scastle () bouldercounty org>
Date: Tue, 23 Apr 2013 18:35:27 +0000

I see that using the chargen port for DDoS is happening: 

Now, I block all these both ways at my firewall (actually, on the outside, I think they are in a router ACL), but 
looking through the complete set of rules I don't see anything but one ("DOS UDP echo+chargen bomb",sid 271) that seems 
to address this port range of the TCP and UDP "trivial" (AKA "simple") ports. Has there ever been one? Should we have 

Shane Castle
Data Security Mgr, Boulder County IT

Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
Snort-sigs mailing list
Snort-sigs () lists sourceforge net

Please visit http://blog.snort.org for the latest news about Snort!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]