GEN:SID 1:521
Message MISC Large UDP Packet
Summary This event is generated when an overly large UDP packet is observed.
Impact Possible denial of service.  UDP packet payloads are typically smaller than 4000 bytes.  One possible explanation of a payload of greater than 4000 bytes is an attempted denial of service.
Detailed Information UDP payloads are typically smaller than 4000 bytes since the UDP protocol is intended to be used for the transmission of smaller payloads.  When a large payload is observed, it may be a sign or anomalous activity, perhaps an attempted denial of service against the remote host.
Affected Systems Any system that listens for a UDP service.
Attack Scenarios An attacker may craft large UDP payloads in an attempt to cause a denial of service against a remote host.
Ease of Attack Simple.
Corrective Action Allow only known UDP protocols inbound.
Additional References Arachnids:
http://www.whitehats.com/info/IDS521
Rule References arachnids: 247