[Snort-users] Best solution with snort for voip floods
Luis Daniel Lucio Quiroz
luis.daniel.lucio at ...11827...
Mon Apr 22 14:09:09 EDT 2013
Maybe this has been asked many times, I don't know.
I'm having many UDP (unknown protocol - ntop marks them as unknown) floods,
and the worst thing seems to be that the server is answering (ICMP and answers).
Anyway, I was wondering about a solution with snort+snortsam+iptables in order to
only allow UDP (RTP port range) from IPs that are registered.
So, if an extension is registered from IP 220.127.116.11, I will allow it to reach ports
10000-20000/udp (example); if it isn't, I will drop the packet.
How can this be done?
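
One way to express the policy asked about above, as an added example that is not part of the original post: an ipset of registered source IPs plus two iptables rules for the RTP range. It assumes the registrar can export the currently registered source addresses one per line; the set name, function names and sample addresses are hypothetical or constructed.

```python
import ipaddress

RTP_PORTS = (10000, 20000)    # example range given in the post
SET_NAME = "rtp_registered"   # hypothetical ipset name

# Constructed sample of a registrar export: one source IP per line.
SAMPLE = ["192.0.2.10", "198.51.100.7  # ext 101", "192.0.2.10",
          "not-an-ip", "0.0.0.0", ""]

def registered_sources(lines):
    """Return sorted, de-duplicated IPv4 sources; drop comments and bad entries."""
    seen = set()
    for raw in lines:
        text = raw.split("#", 1)[0].strip()
        if not text:
            continue
        try:
            addr = ipaddress.IPv4Address(text)
        except ValueError:
            continue              # never let a malformed entry reach the firewall
        if addr.is_unspecified:
            continue              # 0.0.0.0 is not a valid hash:ip element
        seen.add(addr)
    return sorted(seen)

def ipset_restore_script(addrs, name=SET_NAME):
    """Build input for `ipset -exist restore`: fill a temporary set, then swap it
    in, so the live set is never empty while registrations are refreshed."""
    tmp = name + "_new"
    out = [f"create {name} hash:ip family inet",
           f"create {tmp} hash:ip family inet",
           f"flush {tmp}"]
    out += [f"add {tmp} {a}" for a in addrs]
    out += [f"swap {tmp} {name}", f"destroy {tmp}"]
    return "\n".join(out) + "\n"

def iptables_rules(ports=RTP_PORTS, name=SET_NAME):
    """Accept RTP only from members of the set; drop all other traffic to the range."""
    lo, hi = ports
    match = f"-p udp -m udp --dport {lo}:{hi}"
    return [f"-A INPUT {match} -m set --match-set {name} src -j ACCEPT",
            f"-A INPUT {match} -j DROP"]

if __name__ == "__main__":
    print(ipset_restore_script(registered_sources(SAMPLE)), end="")
    print("\n".join(iptables_rules()))
```

The set has to exist before the two rules are loaded, and the rules are written in the append form that `iptables-restore` accepts. Re-running the ipset step whenever registrations change keeps the allowlist current without touching the iptables rules.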