Snort mailing list archives
Detecting concurrent connections
From: Renato Araújo <renato () escelsa com br>
Date: Wed, 12 Jun 2002 12:03:15 -0300
I want to configure snort rule to detect if there is a a number of concurrent conections to a server. Example, I want snort to detect if anyone has 15 or more conections simultaneously established to my smtp server. Anyone knows if this is possible. I need this because someone used a program that send tons of emails to my server to discover valid emails. I solved the problem by blocking the IP with iptables, but I'm looking for a automated solution. Atenciosamente (sincerely), Renato Araújo --------------------------------------------- Unix _IS_ user friendly - it`s just selective about who its friends are ! _______________________________________________________________ Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Detecting concurrent connections Renato Araújo (Jun 12)
- Re: Detecting concurrent connections Chris Green (Jun 12)
- Re: Detecting concurrent connections matt (Jun 12)