Re: Voip attack

[Nigel Houghton <nhoughton () sourcefire com>]

On Wed, 9 Mar 2011 00:13:30 +0100, PAURON, GUILLAUME (GUILLAUME) wrote:
> Hello All,
>  
> I’m pretty new with snort and I’m installing a snort device in Voip 
> environment.
>  
> I downloaded VRT rules but most of the voip rules are disabled by 
> default. Is it deprecated rules?
>  
> I also see that most of my traffic is UDP data on high ports; did 
> someone ever implement attack detection on such traffic? I saw some 
> things on articles like 
http://www.slideshare.net/Catharine24/intrusion-detection-in-voiceoverip-environments 
> but I’m afraid it will be too complex for my snort (I’m already 
> dropping a lot of traffic currently).
>  
> I’m also aware of all return of experience or whatever with snort and 
> voip :)
>  
> Regards,
> Pauron Guillaume

No, they are not deprecated. To enable them, make sure to include the 
rules file from your snort.conf and then enable the rules you want by 
uncommenting them in that file.

--
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-blog.snort.org/ && http://labs.snort.org/
------------------------------------------------------------------------------
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org