Snort mailing list archives

TCP/UDP "trivial" ports?


From: "Castle, Shane" <scastle () bouldercounty org>
Date: Tue, 23 Apr 2013 18:35:27 +0000

I see that using the chargen port for DDoS is happening: 
https://isc.sans.edu/diary/A+Chargen-based+DDoS+Chargen+is+still+a+thing+/15647 

Now, I block all these both ways at my firewall (actually, on the outside, I think they are in a router ACL), but looking through the complete set of rules I don't see anything but one ("DOS UDP echo+chargen bomb", sid 271) that seems to address this port range of the TCP and UDP "trivial" (AKA "simple") ports. Has there ever been one? Should we have one?

-- 
Shane Castle
Data Security Mgr, Boulder County IT


