Snort mailing list archives

Is there a way for Snort to detect large http downloads?


From: "Jason Truong" <Jason.Truong () plumtree com>
Date: Tue, 13 Jul 2004 12:34:37 -0700

Is there a rule in Snort that can help to alert when a user is downloading a very large file from the internet...via http or ftp?
We have a 9mb pipe out to the internet and sometimes I get alerts (from Nagios) mentioning that the pipe is full.  I have already disabled P2P applications at the firewall level.  I can resort to making configs on the Cisco level but was wondering if there was a way for Snort to alert on large downloads.

Large can be say > 50 MB.

Thanks,

Jason 

