Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Voip attack

From: "PAURON, GUILLAUME (GUILLAUME)" <guillaume.pauron () alcatel-lucent com>
Date: Wed, 9 Mar 2011 00:13:30 +0100
Hello All,

I'm pretty new with snort and I'm installing a snort device in Voip environment.

I downloaded VRT rules but most of the voip rules are disabled by default. Is it deprecated rules?

I also see that most of my traffic is UDP data on high ports; did someone ever implement attack detection on such 
traffic? I saw some things on articles like 
http://www.slideshare.net/Catharine24/intrusion-detection-in-voiceoverip-environments but I'm afraid it will be too 
complex for my snort (I'm already dropping a lot of traffic currently).

I'm also aware of all return of experience or whatever with snort and voip :)

Regards,
Pauron Guillaume



------------------------------------------------------------------------------
What You Don't Know About Data Connectivity CAN Hurt You
This paper provides an overview of data connectivity, details
its effect on application quality, and explores various alternative
solutions. http://p.sf.net/sfu/progress-d2d
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
Previous By Date Next
Previous By Thread Next

Current thread: