GEN:SID 1:271
Message DOS UDP echo+chargen bomb
Summary This event is generated when an attempt is made to issue a Denial of
Service attack against a host or network by generating traffic between
your udp echo port and their udp chargen port.
Impact Potential Denial of service (DoS) condition for the target host, hosts
between the target host and the attacker, and more.
Detailed Information Traffic was detected between the udp echo port on a host on the
protected network and the udp chargen (character generator) service.  
Due to the connectionless nature of udp, a single packet from the udp chargen
service to a listening udp echo service will result in mass quantities
of traffic back and forth between the two services.
Affected Systems  
Attack Scenarios An attacker will find a host that still provides the udp chargen service
and generate traffic between it and the udp echo service on a machine.
If proper ingress/egress filtering is not in place, this traffic can be
trivially spoofed provided the attacker has elevated privledges on the
attacking/initiating machine (the source port being less than 1024).
Ease of Attack Simple.
Corrective Action Disable the chargen service unless it is absolutely needed, and apply
ingress and egress filtering.

Additionally, disable the udp echo service.
Additional References  
Rule References cve: 1999-0635
cve: 1999-0103