Erwin Van de Velde
erwin.vandevelde at ...10361...
Sat Nov 22 07:28:02 EST 2003
Is it possible to make a threshold that does per-source checking? I don't know
if this is the right English terminology, so I'll tell what I really want to

Let's say you have an SSH server, and you would like to block an IP if more
than 5 login attempts (TCP-SYN packets to port 22) come from that IP in a
minute. On the other hand, it's a busy server, so 5 login attempts from
different locations (IP addresses thus) in one minute should be possible.

Can I do this with thresholding? How? And if it is not possible... are there
other ways to get this done?

Thanks in advance,
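
The per-source counting the question asks about, as an added example that is not part of the original post and is not Snort's own implementation: a sliding-window counter keyed by source address, next to a single global counter for comparison. The function names and the sample SYN events are constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # "in a minute", from the post
MAX_ATTEMPTS = 5      # act when MORE than 5 SYNs arrive inside the window

def sources_over_limit(syn_events, limit=MAX_ATTEMPTS, window=WINDOW_SECONDS):
    """Return {src_ip: timestamp at which that source first exceeded the limit}.

    syn_events: iterable of (timestamp_seconds, src_ip) sorted by time,
    one entry per TCP SYN seen to port 22.
    """
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    flagged = {}
    for ts, src in syn_events:
        q = recent[src]
        q.append(ts)
        # Drop SYNs that have aged out of this source's sliding window.
        while q and ts - q[0] >= window:
            q.popleft()
        if len(q) > limit and src not in flagged:
            flagged[src] = ts
    return flagged

def global_count_exceeded(syn_events, limit=MAX_ATTEMPTS, window=WINDOW_SECONDS):
    """One counter shared by all sources: the behaviour the post wants to avoid."""
    q = deque()
    for ts, _src in syn_events:
        q.append(ts)
        while q and ts - q[0] >= window:
            q.popleft()
        if len(q) > limit:
            return True
    return False

# Constructed sample data (documentation address ranges from RFC 5737).
BUSY_BUT_BENIGN = [(i * 5, f"198.51.100.{i + 1}") for i in range(10)]  # 10 sources, 1 SYN each
ONE_NOISY_SOURCE = [(i * 8, "203.0.113.7") for i in range(7)]           # 7 SYNs in 48 s
MIXED = sorted(BUSY_BUT_BENIGN + ONE_NOISY_SOURCE)

if __name__ == "__main__":
    print("per-source, mixed traffic:", sources_over_limit(MIXED))
    print("per-source, busy server:  ", sources_over_limit(BUSY_BUT_BENIGN))
    print("global counter, busy server trips:", global_count_exceeded(BUSY_BUT_BENIGN))
```

With the global counter the busy server trips the limit on ordinary traffic, while the per-source counter flags only the single address that sent its sixth SYN within the window.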