Re: download size limit

[Jose Maria Lopez <jkerouac () bgsec com>]

El mar, 18 de 01 de 2005 a las 19:11, Gentian Hila escribió:
> I was wondering if snort can detected when a user (internally) uses
> more than a certain bandwidth for downloading (i.e. 2 Mb) Is there an
> automatic rule to do that ?
> Or do I need to write my own rule to do that ? Is it possible at all ?
>
> I am very new at Snort so please forgive if that's not something snort
> does at all
>
> Thank you 
>
> Genti

You have two solutions for this. You can use the iproute2
features of Linux to do QoS and limit the bandwith an IP
or user can use at a time or you can use the iptables
counters and something like swatch or logwatch and some
scripts to detect the limit.

-- 
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac () bgsec com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"



-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users