![snort logo](/images/snort-logo.png)
Snort mailing list archives
Re: Is there a way for Snort to detect large http downloads?
From: Jon Baer <security () jonbaer net>
Date: Tue, 13 Jul 2004 21:41:28 -0400
You'd probably want ntop in this situation ... www.ntop.org and then curb it off with wondershaper.
- Jon Jason Truong wrote:
Is there a rule in Snort that can help to alert when a user it downloading a very large file from the internet...via http or ftp? We have a 9mb pipe out to the internet and sometimes I get alerts (from Nagios) mentioning that the pipe if full. I have already disabled P2P applications at the firewall level. I can resort to making configs on the Cisco level but was wondering if there was a way for Snort to alert on large downloads. Large can be say > 50 MB. Thanks,Jason
------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training.Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Is there a way for Snort to detect large http downloads? Jason Truong (Jul 13)
- Re: Is there a way for Snort to detect large http downloads? Jon Baer (Jul 13)