[VOIPSEC] VOIP and IDS

Henrik Ingo henrik.ingo at sesca.com
Mon Jul 11 09:54:55 CDT 2005


I just realised there might be some very knowledgeable Snort people on 
this list...

What is the situation with VOIP and Intrusion Detection? How well does 
Snort (or any other IDS) recognize "traditional" IP network attacks like 
DoS or attacks on SIP?

On the other hand, are there any systems that perform analysis that we'd 
be familiar with from GSM networks (or credit card companies for that) 
i.e. same person calling from Finland and Taiwan within an hour, phone 
bill doubles from last month, calls lots of numbers he's never used 
before etc...

I'm actually more interested in the latter. Example case would be that 
someone finds out/guesses someone else's password and starts calling on 
their account.

I've not used Snort, but I've understood it's based on finding 
fingerprints (kind of like a virus engine) but it doesn't have any sense 
of history which this kind of (statistical, time-series) analysis would 
require?

henrik
-- 
Henrik.Ingo at sesca.com
+358 40 569 7354
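
The account-level checks asked about above (two countries within an hour, the bill doubling from one month to the next, many never-before-dialled numbers), sketched as an added example that is not part of the original post. The record layout, the thresholds and the sample call records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed call detail records: (account, start time, source country, callee, cost)
CDRS = [
    ("alice", "2005-06-03 10:00", "FI", "+35891111", 1.0),
    ("alice", "2005-06-17 18:30", "FI", "+35892222", 1.5),
    ("alice", "2005-07-02 09:00", "FI", "+35891111", 1.0),
    ("alice", "2005-07-02 09:40", "TW", "+88625555", 4.0),
    ("alice", "2005-07-02 09:50", "TW", "+88626666", 4.5),
    ("bob",   "2005-06-05 12:00", "FI", "+35893333", 2.0),
    ("bob",   "2005-07-06 12:00", "FI", "+35893333", 2.5),
]

def analyse(cdrs, travel_window=timedelta(hours=1), spend_factor=2.0, new_ratio=0.5):
    """Return {account: sorted list of alert names} using per-account call history."""
    by_account = defaultdict(list)
    for acct, ts, country, callee, cost in cdrs:
        by_account[acct].append((datetime.strptime(ts, "%Y-%m-%d %H:%M"), country, callee, cost))
    alerts = {}
    for acct, calls in by_account.items():
        calls.sort()
        found = set()
        # 1. Same account seen in two countries within the travel window.
        for (t1, c1, *_), (t2, c2, *_) in zip(calls, calls[1:]):
            if c1 != c2 and t2 - t1 <= travel_window:
                found.add("impossible_travel")
        # 2. Latest month's spend at least spend_factor times the previous month's.
        monthly = defaultdict(float)
        for t, _, _, cost in calls:
            monthly[(t.year, t.month)] += cost
        months = sorted(monthly)
        if len(months) >= 2 and monthly[months[-1]] >= spend_factor * monthly[months[-2]]:
            found.add("spend_spike")
        # 3. Share of latest-month calls going to numbers never dialled before.
        if len(months) >= 2:
            known = {callee for t, _, callee, _ in calls if (t.year, t.month) < months[-1]}
            latest = [callee for t, _, callee, _ in calls if (t.year, t.month) == months[-1]]
            if sum(n not in known for n in latest) / len(latest) > new_ratio:
                found.add("new_destinations")
        alerts[acct] = sorted(found)
    return alerts

if __name__ == "__main__":
    for account, names in analyse(CDRS).items():
        print(account, names)
```

All three checks depend on state kept per account across calls, which is the history that per-packet signature matching does not carry.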




