|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
[Snort-users] (no subject)
Date: Tue Feb 11 2003 - 14:32:40 EST
Hello all,
I am using snort,
I want to verify that in one telnet session, in one minute I will not received from the user more then 5 times the key "enter".('41')
I want snort to close the session when I received the fifth enter request.
That for I defined a rule : #alert tcp $HOME_NET any -> $EXTERNAL_NET 23
(msg:"TELNET login Type alarm alarm"; content:"|41|";)
This rule recognized telnet request and the "enter" key ('41'). I want snort to reset the session that's way I am using :
RESP_TCP_URG resp:rst_all; that's how I am closing the session.
I have no idea how to tell the snort to use the rule that I defined only after I recognize 5 "enter" in one minute in one session.
(now it close the session every time I am using telnet and "enter")
any suggestion ???????
Carmit
This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list Received on Thu Feb 13 09:14:37 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:11:43 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |