[Snort-users] Is there a way for Snort to detect large http downloads?
Jason.Truong at ...10396...
Tue Jul 13 12:35:07 EDT 2004
Is there a rule in Snort that can help to alert when a user it downloading a very large file from the internet...via http or ftp?
We have a 9mb pipe out to the internet and sometimes I get alerts (from Nagios) mentioning that the pipe if full. I have already disabled P2P applications at the firewall level. I can resort to making configs on the Cisco level but was wondering if there was a way for Snort to alert on large downloads.
Large can be say > 50 MB.
More information about the Snort-users