
Hello Listers,

*(First of all, apologies for a long email)*

This is mainly meant for the Network or Security Engineers in Telco/ISP environments out there.

I work in a Telco (mainly VoIP) and we are looking to buy Big Fat Firewalls with IDS/IPS features with throughput greater than 40Gbps. The reason for this high performance requirement is that we want to move VoIP traffic (SIP/RTP) behind the Firewalls to be able to do IDS/IPS inspection of this traffic, which is very latency sensitive.

I have done a lot of research around and even contacted the 2 most popular Firewall vendors, Cisco/Juniper, but am NOT too impressed so far...

The highest demands that we have are on the following IDS/IPS functionalities:

1. Block SIP brute force registrations (Easy to Implement)
2. Ability to detect and block SIP fraud calls (toll fraud) by performing the following deep packet inspection tasks:
   - Setting a threshold of calls per calling number to destination number and blocking calls that exceed this threshold.
   - Alternatively the VoIP IPS should be able to do the above automatically, e.g. learn calling patterns of Numbers automatically and be able to blacklist offending SRC IP/SIP URI when certain thresholds are reached (and removing this ban after some time)
3. Ability to detect and mitigate IP Telephony SPAM (SPIT)

That said, I have 2 ideas of how to implement the above:

1. *Put everything behind the new Firewalls (but then the FW in question has to have proper IDS/IPS features to automatically detect the above VoIP attacks and block them)*
2. *Install normal Enterprise class Firewalls (without IDS/IPS) and have a 3rd party tool, e.g. SNORT, doing this in real time and interacting directly with the FWs to block ongoing attacks on the fly.*

My question is to anyone out there who might have input on how best to implement this: which path would you take and why?

Your input is highly appreciated!

--
Kind Regards,
*Moses Mungai*
Oslo, Norway
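As an added illustration of the threshold logic asked for in points 1 and 2 of the email (this is not code from the email, from SNORT, or from any firewall vendor mentioned), the following Python sketch keeps sliding-window counters over SIP signaling events: failed REGISTER responses per source IP (brute-force registration) and INVITEs per calling-number/called-number pair (the per-pair call threshold). A source that crosses a threshold is put on a temporary ban list that lapses after a configurable time, matching the "removing this ban after some time" requirement. The record format, the thresholds, and the sample events are all constructed for the example; a real deployment would feed the ban verdicts into the firewall's blocklist (the email's option 2) rather than just returning strings.

```python
"""Sliding-window SIP abuse detector (added example, not from the original email).

Input records are a constructed, whitespace-separated format:
    <ts_seconds> <src_ip> <METHOD> <status> <from_uri> <to_uri>
Only REGISTER and INVITE are inspected; everything else is passed through.
"""
from collections import defaultdict, deque


class SipAbuseDetector:
    """Two thresholds from the email: failed REGISTERs per source IP within
    reg_window seconds, and INVITEs per (from, to) pair within call_window
    seconds. Crossing either bans the source IP for ban_seconds."""

    FAILED_REGISTER_CODES = (401, 403, 407)  # auth challenges / rejections

    def __init__(self, reg_fail_limit=5, reg_window=60,
                 call_limit=3, call_window=300, ban_seconds=600):
        self.reg_fail_limit = reg_fail_limit
        self.reg_window = reg_window
        self.call_limit = call_limit
        self.call_window = call_window
        self.ban_seconds = ban_seconds
        self.failed_registers = defaultdict(deque)  # src_ip -> timestamps
        self.calls = defaultdict(deque)             # (from, to) -> timestamps
        self.bans = {}                              # src_ip -> expiry time

    @staticmethod
    def _prune(times, now, window):
        """Drop timestamps that fell out of the sliding window."""
        while times and times[0] <= now - window:
            times.popleft()

    def is_banned(self, src_ip, now):
        """True while a ban is active; expired bans are removed on lookup."""
        expiry = self.bans.get(src_ip)
        if expiry is None:
            return False
        if now >= expiry:
            del self.bans[src_ip]  # ban has lapsed, as the email asks for
            return False
        return True

    def observe(self, ev):
        """Return a verdict string for one event."""
        now, ip = ev["ts"], ev["src_ip"]
        if self.is_banned(ip, now):
            return "drop:banned"
        if ev["method"] == "REGISTER" and ev["status"] in self.FAILED_REGISTER_CODES:
            times = self.failed_registers[ip]
            times.append(now)
            self._prune(times, now, self.reg_window)
            if len(times) >= self.reg_fail_limit:
                self.bans[ip] = now + self.ban_seconds
                return "ban:register-bruteforce"
            return "allow"
        if ev["method"] == "INVITE":
            times = self.calls[(ev["from_uri"], ev["to_uri"])]
            times.append(now)
            self._prune(times, now, self.call_window)
            if len(times) > self.call_limit:
                self.bans[ip] = now + self.ban_seconds
                return "ban:call-threshold"
            return "allow"
        return "allow"


def parse_record(line):
    """Parse one constructed-format record into an event dict."""
    ts, src_ip, method, status, from_uri, to_uri = line.split()
    return {"ts": float(ts), "src_ip": src_ip, "method": method,
            "status": int(status), "from_uri": from_uri, "to_uri": to_uri}


# Constructed sample: a registration scan from 203.0.113.10 (RFC 5737 test
# address), a burst of INVITEs for one number pair from 198.51.100.7, and a
# later successful REGISTER after the first ban has expired.
SAMPLE_RECORDS = """\
0   203.0.113.10 REGISTER 401 sip:100@pbx.example sip:100@pbx.example
2   203.0.113.10 REGISTER 401 sip:101@pbx.example sip:101@pbx.example
4   203.0.113.10 REGISTER 401 sip:102@pbx.example sip:102@pbx.example
6   203.0.113.10 REGISTER 401 sip:103@pbx.example sip:103@pbx.example
8   203.0.113.10 REGISTER 401 sip:104@pbx.example sip:104@pbx.example
10  203.0.113.10 REGISTER 401 sip:105@pbx.example sip:105@pbx.example
100 198.51.100.7 INVITE 100 sip:+15555550100@pbx.example sip:+15555550199@gw.example
120 198.51.100.7 INVITE 100 sip:+15555550100@pbx.example sip:+15555550199@gw.example
140 198.51.100.7 INVITE 100 sip:+15555550100@pbx.example sip:+15555550199@gw.example
160 198.51.100.7 INVITE 100 sip:+15555550100@pbx.example sip:+15555550199@gw.example
180 198.51.100.7 INVITE 100 sip:+15555550100@pbx.example sip:+15555550199@gw.example
700 203.0.113.10 REGISTER 200 sip:100@pbx.example sip:100@pbx.example
"""


def run_sample(records=SAMPLE_RECORDS):
    """Feed the sample records through a detector; return (src_ip, verdict) pairs."""
    det = SipAbuseDetector()
    events = (parse_record(l) for l in records.splitlines() if l.strip())
    return [(ev["src_ip"], det.observe(ev)) for ev in events]


if __name__ == "__main__":
    for src_ip, verdict in run_sample():
        print(f"{src_ip:15} {verdict}")
```

The detector deliberately keys the call threshold on the (calling, called) pair rather than on the source IP alone, because a compromised PBX behind a single NAT address can still be identified by the repeated number pair; the ban itself is applied to the source IP, which is the object a firewall can actually block. Both windows are plain deques of timestamps, so memory grows only with the number of active sources, and the expiry check in is_banned is what releases a source without any separate timer thread.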