Snort mailing list archives

Detecting concurrent connections

From: Renato Araújo <renato () escelsa com br>
Date: Wed, 12 Jun 2002 12:03:15 -0300

I want to configure snort rule to detect if there is a a number of
concurrent conections to a server. Example, I want snort to detect if
anyone has 15 or more conections simultaneously established to my
smtp server.
Anyone knows if this is possible. I need this because someone used
a program that send tons of emails to my server to discover valid
emails. I solved the problem by blocking the IP with iptables, but I'm

looking for a automated solution.



Atenciosamente (sincerely),

Renato AraÃºjo
---------------------------------------------
Unix _IS_ user friendly - it`s just selective about who its friends are !


_______________________________________________________________

Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Detecting concurrent connections Renato Araújo (Jun 12)
- Re: Detecting concurrent connections Chris Green (Jun 12)
- Re: Detecting concurrent connections matt (Jun 12)