VRT Advisories


VRT Rules 2007-09-17

Sourcefire VRT Rules Update

Date: 2007-09-17

Synopsis:

This release provides two new rule groupings, Voice over IP (VoIP) rules and Content-Replace rules.

Details:

This group contains rules that are concerned with Voice over IP (VoIP) detection. This rule group focuses on known exploit attempts as well as providing detection for anomalous events.

Voice over IP rules:
This group contains rules that are concerned with Voice over IP (VoIP) detection.

Content-Replace rules:
This group contains rules that concentrate on replacing transaction data with innocuous strings to effectively deny a valid transaction while keeping a connection active. This allows a deployment where instant messaging may be allowed for communication purposes but where file transfer is prohibited.

Rule Pack Summary:

For a complete list of new and modified rules, click here.

Warning:

Sourcefire VRT rule packs often utilize enhancements made to Snort. Operators should upgrade to the latest revision or patch level for Snort to ensure these enhancements are available before using these rules.

About the VRT:

The Sourcefire VRT is a group of leading edge intrusion detection and prevention experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in the network security industry.