author | Ermal <ermal.luci@gmail.com> | 2014-04-08 08:48:48 +0000 |
---|---|---|
committer | Ermal <ermal.luci@gmail.com> | 2014-04-08 08:48:48 +0000 |
commit | b98fe3e8ff1560b664dc0f18c7b344ad5b1aac2c (patch) | |
tree | e72081da96f024eb8c1d466835b6f6157316fbd3 /config/snort-old/pfsense_rules | |
parent | 5e67a462ddf630b383b2f06fdc8b8bdabf9c0bb9 (diff) | |
Get rid of the snort-old folder since it's way out of usage nowadays
Diffstat (limited to 'config/snort-old/pfsense_rules')
-rw-r--r-- | config/snort-old/pfsense_rules/local.rules | 7 | ||||
-rw-r--r-- | config/snort-old/pfsense_rules/pfsense_rules.tar.gz.md5 | 1 | ||||
-rw-r--r-- | config/snort-old/pfsense_rules/rules/pfsense-voip.rules | 10 |
3 files changed, 0 insertions, 18 deletions
diff --git a/config/snort-old/pfsense_rules/local.rules b/config/snort-old/pfsense_rules/local.rules
deleted file mode 100644
index 83a05f1b..00000000
--- a/config/snort-old/pfsense_rules/local.rules
+++ /dev/null
@@ -1,7 +0,0 @@
-# ----------------
-# LOCAL RULES
-# ----------------
-# This file intentionally does not come with signatures. Put your local
-# additions here. Pfsense first install rule. Rule edit tabe fails with out this file.
-#
-#
\ No newline at end of file
diff --git a/config/snort-old/pfsense_rules/pfsense_rules.tar.gz.md5 b/config/snort-old/pfsense_rules/pfsense_rules.tar.gz.md5
deleted file mode 100644
index 83d5bdae..00000000
--- a/config/snort-old/pfsense_rules/pfsense_rules.tar.gz.md5
+++ /dev/null
@@ -1 +0,0 @@
-10002
\ No newline at end of file
diff --git a/config/snort-old/pfsense_rules/rules/pfsense-voip.rules b/config/snort-old/pfsense_rules/rules/pfsense-voip.rules
deleted file mode 100644
index 12f2fdf2..00000000
--- a/config/snort-old/pfsense_rules/rules/pfsense-voip.rules
+++ /dev/null
@@ -1,10 +0,0 @@
-alert ip any any -> $HOME_NET $SIP_PROXY_PORTS (msg:"OPTIONS SIP scan"; content:"OPTIONS"; depth:7; threshold: type both , track by_src, count 30, seconds 3; sid:5000001; rev:1;)
-# Excessive number of SIP 4xx Responses Does not work
-#### alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"Excessive number of SIP 4xx Responses - possible user or password guessing attack"; pcre:"/^SIP\/2.0 4\d{2}"; threshold: type both, track by_src, count 100, seconds 60; sid:5000002; rev:1;)
-alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"Ghost call attack"; content:"SIP/2.0 180"; depth:11; threshold: type both, track by_src, count 100, seconds 60; sid:5000003; rev:1;)
-# Rule for alerting of INVITE flood attack:
-alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"INVITE message flooding"; content:"INVITE"; depth:6; threshold: type both , track by_src, count 100, seconds 60; sid:5000004; rev:1;)
-# Rule for alerting of REGISTER flood attack:
-alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"REGISTER message flooding"; content:"REGISTER"; depth:8; threshold: type both , track by_src, count 100, seconds 60; sid:5000005; rev:1;)
-# Threshold rule for unauthorized responses:
-alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"INVITE message flooding"; content:"SIP/2.0 401 Unauthorized"; depth:24; threshold: type both, track by_src, count 100, seconds 60; sid:5000006; rev:1;) |