List of IP addresses involved in VoIP attacks. Bet that IP list could be
turned into some ET rules.
http://infiltrated.net/
Do we have VOIP_PORTS yet? Some are on 5060, some others are on 5090,
5080, 5070, etc.
TLS encrypted is at 5061.
# sid values below are placeholders from the local-rule range; assign your own
portvar VOIP_PORTS [5060,5070,5080,5090]
alert udp $VOIP_ABUSE any -> $HOME_NET $VOIP_PORTS (msg:"IP listed at infiltrated.net for voip abuse"; fwsam:src,30mins; sid:1000001; rev:1;)
alert tcp $VOIP_ABUSE any -> $HOME_NET $VOIP_PORTS (msg:"IP listed at infiltrated.net for voip abuse"; fwsam:src,30mins; sid:1000002; rev:1;)
--
Michael Scheidell, CTO
SECNAP Network Security Corporation
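The rules above reference $VOIP_ABUSE without defining it. One way to build that ipvar from a one-address-per-line list, as an added example that is not part of the original message: the feed format, the function names and the sample addresses are assumptions, and only IPv4 is handled. Because fwsam blocks the source address, entries that overlap your own network are rejected instead of being written into the variable.

```python
import ipaddress

# Constructed sample feed (documentation addresses), not data from any real list.
SAMPLE_FEED = """\
# one address or CIDR per line
192.0.2.10
192.0.2.10
198.51.100.0/24
198.51.100.7
not-an-ip
203.0.113.5   # trailing comment
10.0.0.8
0.0.0.0/0
"""


def parse_feed(text, home_net):
    """Return (collapsed_networks, rejected_entries) for a feed.

    home_net is the CIDR you protect; any entry overlapping it is rejected
    so an automatic block can never be aimed at your own hosts.
    """
    home = ipaddress.ip_network(home_net)
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append(entry)  # malformed line
            continue
        if net.version != 4 or net.overlaps(home):
            rejected.append(entry)  # IPv6 (unsupported here) or self-block risk
            continue
        nets.append(net)
    # collapse_addresses removes duplicates and hosts covered by a wider prefix
    return list(ipaddress.collapse_addresses(nets)), rejected


def render_ipvar(nets, name="VOIP_ABUSE"):
    """Format the networks as a Snort ipvar line."""
    if not nets:
        raise ValueError("refusing to write an empty ipvar")
    items = [str(n.network_address) if n.prefixlen == 32 else str(n) for n in nets]
    return "ipvar %s [%s]" % (name, ",".join(items))


if __name__ == "__main__":
    nets, rejected = parse_feed(SAMPLE_FEED, "10.0.0.0/8")
    print(render_ipvar(nets))
    print("rejected:", rejected)
```

Review the rejected entries before each reload; a feed that suddenly contains your own range or a very wide prefix is worth investigating rather than silently dropping.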