[Snort-users] HTTP robot detection?
Sheahan, Paul (PCLN-NW)
Paul.Sheahan at ...2218...
Thu Jan 24 13:01:03 EST 2002
Anyone have any ideas on this one?
I was wondering if there was a way to make Snort detect someone running an
automated script or robot against a website the way it checks for portscans?
For example, Snort flags traffic as a portscan when there are connections to
a certain number of ports on one host within a certain time period. Is there
way to do this with URLs? For example, so many URLs accessed at one IP
address within a certain time period would be flagged as some sort of
automated tool or robot scanning a site?
More information about the Snort-users