Snort mailing list archives
Re: [Emerging-Sigs] TCP/UDP "trivial" ports?
From: Will Metcalf <william.metcalf () gmail com>
Date: Tue, 23 Apr 2013 14:29:26 -0500
UDP sig with threshold might be interesting... Will be expensive though. What do you guys think?

Regards,

Will

On Tue, Apr 23, 2013 at 1:35 PM, Castle, Shane <scastle () bouldercounty org> wrote:

I see that using the chargen port for DDoS is happening:

https://isc.sans.edu/diary/A+Chargen-based+DDoS+Chargen+is+still+a+thing+/15647

Now, I block all these both ways at my firewall (actually, on the outside, I think they are in a router ACL), but looking through the complete set of rules I don't see anything but one ("DOS UDP echo+chargen bomb", sid 271) that seems to address this port range of the TCP and UDP "trivial" (AKA "simple") ports.

Has there ever been one? Should we have one?

--
Shane Castle
Data Security Mgr, Boulder County IT
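As an added illustration (not code from the thread or from any Snort or Emerging Threats ruleset), the per-source threshold idea raised above can be modelled in Python over constructed packet records. The port set, the count and window values and all addresses are assumptions; alerting once per source per window is modelled on a `type both` threshold tracked by source, and the tracker count shows the per-source state such a rule has to hold.

```python
from collections import namedtuple

# The "simple"/"trivial" services: echo, discard, daytime, qotd, chargen.
TRIVIAL_PORTS = {7, 9, 13, 17, 19}

Packet = namedtuple("Packet", "ts src dst dport")  # ts in whole seconds


def threshold_alerts(packets, count=5, seconds=10):
    """Return (alerts, tracked_sources).

    An alert (ts, src, hits) is raised once per source per window, at the
    moment `count` packets to a trivial port have been seen in that window.
    Illustrative model only, not Snort's implementation.
    """
    state = {}   # src -> [window_start, hits, alerted]
    alerts = []
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        if p.dport not in TRIVIAL_PORTS:
            continue                      # rule header would not match
        win = state.get(p.src)
        if win is None or p.ts - win[0] >= seconds:
            win = state[p.src] = [p.ts, 0, False]   # start a new window
        win[1] += 1
        if win[1] >= count and not win[2]:
            win[2] = True                 # suppress repeats in this window
            alerts.append((p.ts, p.src, win[1]))
    # Every matching source costs one state entry, alert or not.
    return alerts, len(state)


def sample_packets():
    """Constructed traffic (documentation address ranges, not real capture)."""
    dst = "192.0.2.10"
    pkts = []
    # Burst to udp/19 from one source, ts 0..7, then again at ts 30..35.
    pkts += [Packet(t, "198.51.100.7", dst, 19) for t in range(0, 8)]
    pkts += [Packet(t, "198.51.100.7", dst, 19) for t in range(30, 36)]
    # Three echo packets from another source: below the threshold.
    pkts += [Packet(t, "203.0.113.5", dst, 7) for t in range(1, 4)]
    # DNS traffic: not a trivial port, never tracked.
    pkts += [Packet(t, "203.0.113.9", dst, 53) for t in range(0, 20)]
    return pkts


if __name__ == "__main__":
    for alert in threshold_alerts(sample_packets())[0]:
        print("ALERT ts=%d src=%s hits=%d" % alert)
```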
Current thread:
- TCP/UDP "trivial" ports? Castle, Shane (Apr 23)
- Re: [Emerging-Sigs] TCP/UDP "trivial" ports? Will Metcalf (Apr 23)
- Re: [Emerging-Sigs] TCP/UDP "trivial" ports? Castle, Shane (Apr 23)
- Message not available
- Re: [Emerging-Sigs] TCP/UDP "trivial" ports? Castle, Shane (Apr 23)
- Re: [Emerging-Sigs] TCP/UDP "trivial" ports? Joel Esler (Apr 23)
- Re: [Emerging-Sigs] TCP/UDP "trivial" ports? Castle, Shane (Apr 23)
- Re: [Emerging-Sigs] TCP/UDP "trivial" ports? Will Metcalf (Apr 23)