[Snort-users] HTTP robot detection?

Sheahan, Paul (PCLN-NW) Paul.Sheahan at ...2218...
Thu Jan 24 13:01:03 EST 2002


Anyone have any ideas on this one?

I was wondering if there was a way to make Snort detect someone running an
automated script or robot against a website the way it checks for portscans?
For example, Snort flags traffic as a portscan when there are connections to
a certain number of ports on one host within a certain time period. Is there
way to do this with URLs? For example, so many URLs accessed at one IP
address within a certain time period would be flagged as some sort of
automated tool or robot scanning a site?

Thanks!





More information about the Snort-users mailing list