[Snort-users] Help with Snort rule - httpd flood detection

Jeremy Hewlett jh at ...1935...
Mon Feb 28 10:46:16 EST 2005


On Sat, Feb 26, NightStorm wrote:
> 
> What I am hoping to do is somehow get Snort to recognise massive
> queries to a specified page, and then trigger a rule.  Unfortunately,

Have you tried creating your own rule, looking for whatever content,
and putting a threshold of type "Both" on it?
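
A simplified model of how a `threshold: type both` rule behaves, as an added example that is not part of the original post and is not Snort's own code. The rule shown in the comment (its URI, sid and counts), the sample traffic, and the per-source interval that starts at the first match and restarts once it has expired are assumptions made for illustration.

```python
# Simplified model of Snort 2.x "threshold: type both" with "track by_src":
# alert once per interval after `count` matches, then stay quiet until the
# interval is over. The rule being modelled (URI, sid and numbers are
# constructed placeholders):
#   alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS \
#     (msg:"LOCAL possible HTTP flood of one page"; \
#      flow:to_server,established; uricontent:"/example/page.php"; \
#      threshold: type both, track by_src, count 100, seconds 60; \
#      sid:1000001; rev:1;)

def threshold_both(events, count, seconds):
    """Return the (timestamp, src_ip) pairs at which an alert is logged.

    events: time-ordered (timestamp_seconds, src_ip) pairs for packets that
    already matched the rule's content options.
    """
    state = {}    # src_ip -> [interval_start, matches_in_interval]
    alerts = []
    for ts, src in events:
        win = state.get(src)
        if win is None or ts - win[0] >= seconds:
            win = state[src] = [ts, 0]    # interval expired: start a new one
        win[1] += 1
        if win[1] == count:               # fires exactly once per interval
            alerts.append((ts, src))
    return alerts

def sample_events():
    """Constructed traffic using documentation addresses."""
    flood = [(i // 5, "192.0.2.10") for i in range(450)]     # 5 req/s, 90 s
    normal = [(i * 5, "198.51.100.7") for i in range(18)]    # 1 req per 5 s
    return sorted(flood + normal)

if __name__ == "__main__":
    for ts, src in threshold_both(sample_events(), count=100, seconds=60):
        print(f"{ts:3d}s  alert  src={src}")
```

The flooding source produces one alert per 60-second interval instead of one per request, and the slow client never reaches the count.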





