Snort mailing list archives
Re: Voip attack
From: "PAURON, GUILLAUME (GUILLAUME)" <guillaume.pauron () alcatel-lucent com>
Date: Thu, 10 Mar 2011 01:13:38 +0100
Thank you for your response :)

I know how to enable it, but I was only wondering why it was deactivated. But after reflection it is logical not to enable VoIP rules in a standard Snort installation ;)

I am still searching for answers to my other questions.

Regards,

-----------------------------------------------------------------------------------------------
Mr Guillaume Pauron
Alcatel-Lucent France
Security Engineer
Service: Threat Management Center (TMC)
Office: NEW0.D22
Route de Villejust
91620 NOZAY (FRANCE)
Email: guillaume.pauron () alcatel-lucent com
Phone: +33 (0)1 3077 7167
-----------------------------------------------------------------------------------------------

-----Original Message-----
From: Nigel Houghton [mailto:nhoughton () sourcefire com]
Sent: Wednesday, 9 March 2011 00:36
To: PAURON, GUILLAUME (GUILLAUME)
Cc: snort-sigs () lists sourceforge net
Subject: Re: [Snort-sigs] Voip attack

On Wed, 9 Mar 2011 00:13:30 +0100, PAURON, GUILLAUME (GUILLAUME) wrote:
> Hello All,
>
> I'm pretty new with Snort and I'm installing a Snort device in a VoIP environment. I downloaded the VRT rules but most of the VoIP rules are disabled by default. Are they deprecated rules?
>
> I also see that most of my traffic is UDP data on high ports; did someone ever implement attack detection on such traffic? I saw some things on articles like
> http://www.slideshare.net/Catharine24/intrusion-detection-in-voiceoverip-environments
> but I'm afraid it will be too complex for my Snort (I'm already dropping a lot of traffic currently).
>
> I'm also aware of all return of experience or whatever with Snort and VoIP :)
>
> Regards,
> Pauron Guillaume

No, they are not deprecated. To enable them, make sure to include the rules file from your snort.conf and then enable the rules you want by uncommenting them in that file.

--
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-blog.snort.org/ && http://labs.snort.org/
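
The two steps in the answer above (include the rules file from snort.conf, then uncomment the rules you want), sketched as an added example that is not part of the original thread and not Snort or VRT code. The file name example-voip.rules, the SIDs and the rule bodies are constructed placeholders; the only assumption about the ruleset is that a disabled rule is a normal rule line prefixed with "#".

```python
import re

# A disabled rule is a rule line behind a leading '#'. Requiring a rule
# action as the first token keeps ordinary comments from being touched.
DISABLED_RULE = re.compile(
    r"^\s*#\s*((?:alert|log|pass|drop|reject|sdrop)\s.*\bsid\s*:\s*(\d+)\s*;.*)$"
)
INCLUDE = re.compile(r"^\s*include\s+(\S+)")

# Constructed sample inputs (placeholder file name, SIDs and rule bodies).
SAMPLE_CONF = """\
var RULE_PATH ../rules
include $RULE_PATH/local.rules
# include $RULE_PATH/example-voip.rules
"""
SAMPLE_RULES = """\
# Constructed sample rules, not from any real ruleset
# alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"EXAMPLE SIP rule A"; content:"INVITE"; sid:1000001; rev:1;)
# alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"EXAMPLE SIP rule B"; content:"REGISTER"; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"EXAMPLE SIP rule C"; sid:1000003; rev:1;)
"""


def is_included(snort_conf, rules_file):
    """True if snort.conf has an active (uncommented) include for rules_file."""
    for line in snort_conf.splitlines():
        m = INCLUDE.match(line)
        if m and m.group(1).rsplit("/", 1)[-1] == rules_file:
            return True
    return False


def enable_rules(rules_text, sids):
    """Uncomment disabled rules whose sid is in sids.

    Returns (new_text, enabled_sids). Rules that are already active, and
    requested sids that do not exist in the file, are left out of the set.
    """
    out, enabled = [], set()
    for line in rules_text.splitlines():
        m = DISABLED_RULE.match(line)
        if m and int(m.group(2)) in sids:
            out.append(m.group(1))          # drop the leading '#'
            enabled.add(int(m.group(2)))
        else:
            out.append(line)
    return "\n".join(out) + "\n", enabled


if __name__ == "__main__":
    print("included:", is_included(SAMPLE_CONF, "example-voip.rules"))
    print(enable_rules(SAMPLE_RULES, {1000001})[0], end="")
```

Comparing the returned set with the requested SIDs shows which requests changed nothing, and is_included catches the case where rules are uncommented in a file that snort.conf never loads.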
Current thread:
- Voip attack PAURON, GUILLAUME (GUILLAUME) (Mar 08)
- Re: Voip attack Nigel Houghton (Mar 08)
- Re: Voip attack PAURON, GUILLAUME (GUILLAUME) (Mar 09)
- Re: Voip attack evilghost () packetmail net (Mar 09)
- Re: Voip attack PAURON, GUILLAUME (GUILLAUME) (Mar 09)
- Re: Voip attack Nigel Houghton (Mar 08)