[Snort-sigs] Voip attack
PAURON, GUILLAUME (GUILLAUME)
guillaume.pauron at ...3570...
Tue Mar 8 18:13:30 EST 2011
I'm pretty new with snort and I'm installing a snort device in Voip environment.
I downloaded VRT rules but most of the voip rules are disabled by default. Is it deprecated rules?
I also see that most of my traffic is UDP data on high ports; did someone ever implement attack detection on such traffic? I saw some things on articles like http://www.slideshare.net/Catharine24/intrusion-detection-in-voiceoverip-environments but I'm afraid it will be too complex for my snort (I'm already dropping a lot of traffic currently).
I'm also aware of all return of experience or whatever with snort and voip :)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-sigs