aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort/pfsense_rules
diff options
context:
space:
mode:
authorrobiscool <robrob2626@yahoo.com>2009-06-15 21:16:30 -0700
committerrobiscool <robrob2626@yahoo.com>2009-06-15 21:16:30 -0700
commit683a07207a8d9fa143728a15ca13f93f99b87fa9 (patch)
tree7158ce2bb9ada958b231ed200a00302fbc98050d /config/snort/pfsense_rules
parentd636274b5eb36ddf3dfe83e641ff134eeb9407b8 (diff)
downloadpfsense-packages-683a07207a8d9fa143728a15ca13f93f99b87fa9.tar.gz
pfsense-packages-683a07207a8d9fa143728a15ca13f93f99b87fa9.tar.bz2
pfsense-packages-683a07207a8d9fa143728a15ca13f93f99b87fa9.zip
pfsense custom voip rules
Diffstat (limited to 'config/snort/pfsense_rules')
-rw-r--r--config/snort/pfsense_rules/pfsense-voip.rules3
1 files changed, 3 insertions, 0 deletions
diff --git a/config/snort/pfsense_rules/pfsense-voip.rules b/config/snort/pfsense_rules/pfsense-voip.rules
new file mode 100644
index 00000000..f168403d
--- /dev/null
+++ b/config/snort/pfsense_rules/pfsense-voip.rules
@@ -0,0 +1,3 @@
+alert ip any any -> $HOME_NET $SIP_PROXY_PORTS (msg:"OPTIONS SIP scan"; content:"OPTIONS"; depth:7; threshold: type both , track by_src, count 30, seconds 3; sid:5000004; rev:1;)
+alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"Excessive number of SIP 4xx Responses - possible user or password guessing attack"; pcre:"/^SIP\/2.0 4\d{2}"; threshold: type both, track by_src, count 100, seconds 60; sid:5000009; rev:1;)
+alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"Ghost call attack"; content:"SIP/2.0 180"; depth:11; threshold: type both, track by_src, count 100, seconds 60; sid:5000009; rev:1;)