[Snort-sigs] Detecting Connections

Faiz Ahmad Shuja faizshuja at ...1544...
Thu May 29 01:30:05 EDT 2003

Does anybody have an idea about detecting multiple connections from a single IP? I want to detect multiple established connections from a single IP to a mail server [port 25]. Sometimes a single IP has taken up all the connection slots. Is there any way to set a threshold? If I am getting multiple connections from a single host to any service and it reaches a specific count, can I get the alert?

Please advise.


