[Snort-sigs] Voip attack

PAURON, GUILLAUME (GUILLAUME) guillaume.pauron at ...3570...
Tue Mar 8 18:13:30 EST 2011

Hello All,

I'm pretty new with snort and I'm installing a snort device in Voip environment.

I downloaded VRT rules but most of the voip rules are disabled by default. Is it deprecated rules?

I also see that most of my traffic is UDP data on high ports; did someone ever implement attack detection on such traffic? I saw some things on articles like http://www.slideshare.net/Catharine24/intrusion-detection-in-voiceoverip-environments but I'm afraid it will be too complex for my snort (I'm already dropping a lot of traffic currently).

I'm also aware of all return of experience or whatever with snort and voip :)

Pauron Guillaume

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20110309/d9d44b1a/attachment.html>

More information about the Snort-sigs mailing list