SID 1:11987

Report a false positive

Rule Category

PROTOCOL-VOIP -- Snort has detected traffic that may indicate the presence of the VOIP protocol or vulnerabilities in the VOIP protocol on the network.

Alert Message

PROTOCOL-VOIP Via header format string attempt

Rule Explanation

This event indicates that "Via Header Format String Attempt" has occurred.

What To Look For

This event is generated when an attempt is made to send a malformed communication to a Voice over Internet Protocol (VoIP) device.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos

Rule Groups

No rule groups

CVE

None

Additional Links

www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
www.ietf.org/rfc/rfc3261.txt
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

None

MITRE ATT&CK Framework

Tactic: Impact

Technique: Network Denial of Service

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org