[Snort-sigs] Voip attack

Nigel Houghton nhoughton at ...435...
Tue Mar 8 18:35:49 EST 2011

On Wed, 9 Mar 2011 00:13:30 +0100, PAURON, GUILLAUME (GUILLAUME) wrote:
> Hello All,
> I’m pretty new with snort and I’m installing a snort device in Voip 
> environment.
> I downloaded VRT rules but most of the voip rules are disabled by 
> default. Is it deprecated rules?
> I also see that most of my traffic is UDP data on high ports; did 
> someone ever implement attack detection on such traffic? I saw some 
> things on articles like 
> but I’m afraid it will be too complex for my snort (I’m already 
> dropping a lot of traffic currently).
> I’m also aware of all return of experience or whatever with snort and 
> voip :)
> Regards,
> Pauron Guillaume

No, they are not deprecated. To enable them, make sure to include the 
rules file from your snort.conf and then enable the rules you want by 
uncommenting them in that file.

Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-blog.snort.org/ && http://labs.snort.org/

More information about the Snort-sigs mailing list