[Snort-users] Detecting concurrent connections

Renato Araújo renato at ...6058...
Wed Jun 12 08:04:04 EDT 2002

I want to configure a snort rule to detect if there is a number of
concurrent connections to a server. For example, I want snort to detect if
anyone has 15 or more connections simultaneously established to my
smtp server.
Does anyone know if this is possible? I need this because someone used
a program that sends tons of emails to my server to discover valid
emails. I solved the problem by blocking the IP with iptables, but I'm
looking for an automated solution.

Atenciosamente (sincerely),

Renato Araújo
Unix _IS_ user friendly - it's just selective about who its friends are!

