Pantek Library

Hosting Provided By

CybrHost

High Speed Hosting

Detecting Connections in Snort

From: Faiz Ahmad Shuja <faizshuja(at)yahoo.it>
Date: Fri May 30 2003 - 23:44:23 EDT

Does anybody have idea about detecting multiple connections from a single IP in Snort?. I want to detect multiple connection request from a single IP to mail server [port 25]. Somtimes a single IP have taken up all the connection slots. Is there anyway to set a threshold?. If I am getting multiple connections from a single host to any service and it reaches a specific count, I get the alert?.

Please advise.

Thanks!

Regards,
Faiz

application/x-pkcs7-signature attachment: smime.p7s

Received on Sun Jun 1 13:47:31 2003

This message: [ Message body ]
Next message: Stefano Zanero: "Re: IDS thoughts"
Previous message: SecurIT Informatique Inc.: "Re: Random IDS Thoughts [WAS: Re: IDS thoughts]"
Next in thread: Marcelo Olguin: "Re: Detecting Connections in Snort"
Reply: Marcelo Olguin: "Re: Detecting Connections in Snort"
Reply: Faiz Ahmad Shuja: "RE: Detecting Connections in Snort"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:12 EDT

Contact Us Legal Notices Order Services Online
Pantek Home Privacy Policy IT news Site Map Pantek Library