[Snort-sigs] how to detect CC attack
jamie.riden at ...2420...
Wed May 2 04:12:32 EDT 2012
On 2 May 2012 09:07, 闫振宇 <yanzhenyu at ...3670...> wrote:
> Thank you for your reply.
> Perhaps I should count the total connection.
> 1) the total number of all connections
> 2) the top 10 ip address and their connection number
> but how can I accomplish this goal?

Sorry, I don't know what we're trying to achieve here... can you
explain a bit better please?

I would suggest that something like ntop or argus may be better for
tracking connections and network statistics than snort. Check out
argus-server and argus-client on Debian.

(ObOnTopic: I tend to run argus on snort sensors if I can, as it's
another data source to look at when doing forensics. Can be handy)

Jamie Riden / jamie at ...3509... / jamie.riden at ...2420...