Snort mailing list archives

Detecting Connections

From: "Faiz Ahmad Shuja" <faizshuja () yahoo it>
Date: Fri, 30 May 2003 03:59:48 +0500

Does anybody have idea about detecting multiple connections from a
single IP?. I want to detect multiple established connections from a
single IP to mail server [port 25]. Somtimes a single IP have taken up
all the connection slots. Is there anyway to set a threshold?. If I am
getting multiple connections from a single host to any service and it
reaches a specific count, I get the alert?.

Please advise.

Thanks!


Regards,
Faiz

Attachment: smime.p7s
Description:

Current thread:

unable to start snort Nick Scheider (May 29)
- Re: unable to start snort Shawn Duffy (May 29)
- RE: unable to start snort Brian Gregorcy (May 29)
  - RE: unable to start snort Chris (May 29)
- <Possible follow-ups>
- RE: unable to start snort Pacheco, Michael F. (May 29)
- RE: unable to start snort Nick Scheider (May 29)
  - Detecting Connections Faiz Ahmad Shuja (May 29)