alert udp $HOME_NET 5060 -> $EXTERNAL_NET any (msg:"ET VOIP Multiple Unauthorized SIP Responses UDP"; content:"SIP/2.0 401 Unauthorized"; depth:24; fast_pattern; threshold: type both, track by_src, count 5, seconds 360; reference:url,doc.emergingthreats.net/2009700; classtype:attempted-dos; sid:2009700; rev:2;)

Added 2011-10-12 19:28:05 UTC

This one is giving a lot of false positives with Asterisk PBX.

-- RandieM - 2016-04-26

This might be difficult for us to fix, and it might be better for you to do a local modification of the threshold or perhaps negate whatever is causing this to "FP". I can look at fixing it on our end; would you be able to send a pcap to: dhuss shift-2 emergingthreats \x2e net?

-- DarienH - 2016-04-26
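An added example, not part of the original page or the Emerging Threats ruleset, showing how the rule's `type both, track by_src, count 5, seconds 360` threshold behaves against a PBX source and what a local change to `count` does. It assumes the false positives come from ordinary SIP digest-authentication challenges (the page does not state the cause); the windowing model is simplified, and the PBX address, phone count, re-registration interval and the alternative count of 20 are constructed values.

```python
import re

# Threshold clause copied from sid:2009700 on this page.
RULE_THRESHOLD = "threshold: type both, track by_src, count 5, seconds 360;"

def parse_threshold(clause):
    """Extract type, track, count and seconds from a 'threshold:' rule option."""
    m = re.search(r"type\s+(\w+),\s*track\s+(\w+),\s*count\s+(\d+),\s*seconds\s+(\d+)",
                  clause)
    if not m:
        raise ValueError("no threshold clause found")
    return {"type": m.group(1), "track": m.group(2),
            "count": int(m.group(3)), "seconds": int(m.group(4))}

def alerts_type_both(events, count, seconds):
    """Simulate 'type both, track by_src' over (timestamp, src_ip) events.

    Simplified model (assumption): a window opens at a source's first match,
    one alert is raised when the count-th match arrives inside that window,
    and further matches are ignored until the window expires.
    """
    state = {}   # src_ip -> [window_start, matches_in_window]
    alerts = []
    for ts, src in sorted(events):
        win = state.get(src)
        if win is None or ts - win[0] >= seconds:
            win = state[src] = [ts, 0]      # open a fresh window
        win[1] += 1
        if win[1] == count:                 # alert exactly once per window
            alerts.append((ts, src))
    return alerts

def pbx_challenges(pbx_ip, phones, interval, duration):
    """Constructed traffic: every phone re-registers each `interval` seconds and
    the PBX answers the credential-less request with one '401 Unauthorized'.
    All events share the PBX as source, which is what by_src tracks."""
    return [(t + i, pbx_ip)
            for t in range(0, duration, interval)
            for i in range(phones)]

if __name__ == "__main__":
    th = parse_threshold(RULE_THRESHOLD)
    events = pbx_challenges("192.0.2.10", phones=3, interval=120, duration=3600)
    for count in (th["count"], 20):         # 20 is a hypothetical local value
        hits = alerts_type_both(events, count, th["seconds"])
        print(f"count={count}: {len(hits)} alerts in one hour")
```

With three phones the shipped threshold alerts in every 360-second window, because the count is tracked per PBX source rather than per requesting client.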


alert udp $HOME_NET 5060 -> $EXTERNAL_NET any (msg:"ET VOIP Multiple Unauthorized SIP Responses UDP"; content:"SIP/2.0 401 Unauthorized"; depth:24; fast_pattern; threshold: type both, track by_src, count 5, seconds 360; classtype:attempted-dos; reference:url,doc.emergingthreats.net/2009700; sid:2009700; rev:2;)

Added 2011-09-14 22:41:22 UTC


alert udp $HOME_NET 5060 -> $EXTERNAL_NET any (msg:"ET VOIP Multiple Unauthorized SIP Responses UDP"; content:"SIP/2.0 401 Unauthorized"; depth:24; fast_pattern; threshold: type both, track by_src, count 5, seconds 360; classtype:attempted-dos; reference:url,doc.emergingthreats.net/2009700; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Unauth; sid:2009700; rev:2;)

Added 2011-02-04 17:29:04 UTC


alert udp $HOME_NET 5060 -> $EXTERNAL_NET any (msg:"ET VOIP Multiple Unauthorized SIP Responses UDP"; content:"SIP/2.0 401 Unauthorized"; depth:24; threshold: type both, track by_src, count 5, seconds 360; classtype:attempted-dos; reference:url,doc.emergingthreats.net/2009700; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Unauth; sid:2009700; rev:1;)

Added 2009-07-29 15:45:36 UTC


Topic revision: r3 - 2016-04-26 - DarienH
 