[Snort-users] Detecting Connections
Faiz Ahmad Shuja
faizshuja at ...5849...
Thu May 29 15:56:07 EDT 2003
Does anybody have idea about detecting multiple connections from a
single IP?. I want to detect multiple established connections from a
single IP to mail server [port 25]. Somtimes a single IP have taken up
all the connection slots. Is there anyway to set a threshold?. If I am
getting multiple connections from a single host to any service and it
reaches a specific count, I get the alert?.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3275 bytes
Desc: not available
More information about the Snort-users