[Snort-users] Is there a way for Snort to detect large http downloads?
security at ...9153...
Tue Jul 13 18:56:02 EDT 2004
You'd probably want ntop in this situation ... www.ntop.org and then
curb it off with wondershaper.
Jason Truong wrote:
> Is there a rule in Snort that can help to alert when a user it downloading a very large file from the internet...via http or ftp?
> We have a 9mb pipe out to the internet and sometimes I get alerts (from Nagios) mentioning that the pipe if full. I have already disabled P2P applications at the firewall level. I can resort to making configs on the Cisco level but was wondering if there was a way for Snort to alert on large downloads.
> Large can be say > 50 MB.
More information about the Snort-users