[Snort-sigs] Voip attack
nhoughton at ...435...
Tue Mar 8 18:35:49 EST 2011
On Wed, 9 Mar 2011 00:13:30 +0100, PAURON, GUILLAUME (GUILLAUME) wrote:
> Hello All,
> I’m pretty new with snort and I’m installing a snort device in Voip
> I downloaded VRT rules but most of the voip rules are disabled by
> default. Is it deprecated rules?
> I also see that most of my traffic is UDP data on high ports; did
> someone ever implement attack detection on such traffic? I saw some
> things on articles like
> but I’m afraid it will be too complex for my snort (I’m already
> dropping a lot of traffic currently).
> I’m also aware of all return of experience or whatever with snort and
> voip :)
> Pauron Guillaume
No, they are not deprecated. To enable them, make sure to include the
rules file from your snort.conf and then enable the rules you want by
uncommenting them in that file.
SF VRT Department of Intelligence Excellence
http://vrt-blog.snort.org/ && http://labs.snort.org/
More information about the Snort-sigs