[Snort-sigs] how to detect CC attack

Jamie Riden jamie.riden at ...2420...
Wed May 2 04:12:32 EDT 2012


On 2 May 2012 09:07, 闫振宇 <yanzhenyu at ...3670...> wrote:
>
> Thank you for your reply.
> Perhaps I should count the total connections.
>
> 1) the total number of all connections
> 2) the top 10 IP addresses and their connection numbers
>
> but how can I accomplish this goal?
> 2012-05-02

Sorry, I don't know what we're trying to achieve here... can you
explain a bit better please?

I would suggest that something like ntop or argus may be better for
tracking connections and network statistics than snort. Check out
argus-server and argus-client on Debian.

(ObOnTopic: I tend to run argus on snort sensors if I can, as it's
another data source to look at when doing forensics. Can be handy)

cheers,
 Jamie
-- 
Jamie Riden / jamie at ...3509... / jamie.riden at ...2420...
http://uk.linkedin.com/in/jamieriden



