[Snort-users] Detecting Connections

Faiz Ahmad Shuja faizshuja at ...5849...
Thu May 29 15:56:07 EDT 2003


Does anybody have idea about detecting multiple connections from a
single IP?. I want to detect multiple established connections from a
single IP to mail server [port 25]. Somtimes a single IP have taken up
all the connection slots. Is there anyway to set a threshold?. If I am
getting multiple connections from a single host to any service and it
reaches a specific count, I get the alert?.

Please advise.

Thanks!


Regards,
Faiz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3275 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030529/8b21b69b/attachment.bin>


More information about the Snort-users mailing list