IDS mailing list archives
Detecting Connections in Snort
From: "Faiz Ahmad Shuja" <faizshuja () yahoo it>
Date: Sat, 31 May 2003 08:44:23 +0500
Does anybody have an idea about detecting multiple connections from a single IP in Snort? I want to detect multiple connection requests from a single IP to the mail server [port 25]. Sometimes a single IP has taken up all the connection slots. Is there any way to set a threshold? If I am getting multiple connections from a single host to any service and it reaches a specific count, I get the alert?

Please advise. Thanks!

Regards,
Faiz
Attachment: smime.p7s
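The per-source counting the question describes, written out as an added example that is not part of the original post and is not Snort's own implementation: a sliding-window counter that alerts when one source opens a set number of connections to port 25 within a time window. The function name, the event tuple layout, the default count and window, and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

SMTP_PORT = 25


def detect_connection_floods(events, port=SMTP_PORT, count=5, seconds=60):
    """Return [(time, src_ip, n)] for each source that opens `count`
    connections to `port` in under `seconds`.

    `events` is a time-ordered iterable of (epoch_seconds, src_ip, dst_port),
    one entry per new connection request (for example, one per inbound SYN).
    After an alert the source's window is cleared, so a sustained burst
    produces one alert per `count` connections instead of one per packet.
    """
    windows = defaultdict(deque)  # src_ip -> timestamps still inside the window
    alerts = []
    for ts, src, dport in events:
        if dport != port:
            continue  # only the monitored service is counted
        win = windows[src]
        win.append(ts)
        # Expire connection attempts that have aged out of the window.
        while ts - win[0] >= seconds:
            win.popleft()
        if len(win) >= count:
            alerts.append((ts, src, len(win)))
            win.clear()
    return alerts


def sample_events():
    """Constructed events (documentation address ranges, not real traffic)."""
    ev = [(t, "192.0.2.10", 25) for t in (0, 2, 4, 6, 8, 10)]       # fast burst
    ev += [(t, "198.51.100.7", 25) for t in (0, 30, 60, 90, 120)]   # slow, normal
    ev += [(t, "192.0.2.10", 80) for t in range(1, 9)]              # other service
    ev += [(t, "203.0.113.5", 25) for t in range(100, 105)]         # second burst
    return sorted(ev)


if __name__ == "__main__":
    for ts, src, n in detect_connection_floods(sample_events()):
        print(f"t={ts}s ALERT {src} opened {n} connections to port {SMTP_PORT}")
```

The slow sender never alerts because its attempts age out of the 60-second window before five accumulate, which is the property that separates a busy relay from a host holding all the connection slots.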
Current thread:
- Detecting Connections in Snort Faiz Ahmad Shuja (Jun 01)
- Re: Detecting Connections in Snort Marcelo Olguin (Jun 02)
- RE: Detecting Connections in Snort Faiz Ahmad Shuja (Jun 02)
- Re: Detecting Connections in Snort Marcelo Olguin (Jun 02)