Home page logo
/

snort logo Snort mailing list archives

Re: [Emerging-Sigs] TCP/UDP "trivial" ports?
From: Will Metcalf <william.metcalf () gmail com>
Date: Tue, 23 Apr 2013 14:29:26 -0500

UDP sig with threshold might be interesting... Will be expensive though.
What do yo guy's think?

Regards,

Will


On Tue, Apr 23, 2013 at 1:35 PM, Castle, Shane <scastle () bouldercounty org>wrote:

I see that using the chargen port for DDoS is happening:
https://isc.sans.edu/diary/A+Chargen-based+DDoS+Chargen+is+still+a+thing+/15647

Now, I block all these both ways at my firewall (actually, on the outside,
I think they are in a router ACL), but looking through the complete set of
rules I don't see anything but one ("DOS UDP echo+chargen bomb",sid 271)
that seems to address this port range of the TCP and UDP "trivial" (AKA
"simple") ports. Has there ever been one? Should we have one?

--
Shane Castle
Data Security Mgr, Boulder County IT


_______________________________________________
Emerging-sigs mailing list
Emerging-sigs () lists emergingthreats net
http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

Support Emerging Threats! Subscribe to Emerging Threats Pro
http://www.emergingthreatspro.com
The ONLY place to get complete premium rulesets for all versions of
Suricata and Snort 2.4.0 through Current!

------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]