Snort mailing list archives

How to detect a packet sent more than once


From: Edurne Izaguirre <soyedurne () hotmail com>
Date: Sat, 31 Oct 2009 12:18:42 +0100


Hello everyone,

I want to present an idea that I cannot develop alone. I am looking for some help here :-)

Imagine a node statelessly sending a packet to the network. If some other node answers this packet (it's ICMP), then the first node sends the same packet again until nobody answers or after 5 or 6 times. What I want to manage is being able to keep state of these messages, that is, if this request and reply happens more than, let's say, three times, pull an alert. Is there any way to do it? Maybe with dynamic rules? Writing my own dynamic preprocessor maybe? Is it too abstract to have an answer?

Thank you very much anyway!
Edurne
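
The stateful check asked about above, as an added example that is not part of the original post and is not Snort code: it pairs each request with its answer and alerts once the same packet has been answered more than three times. It assumes the exchange is ICMP echo request/reply with the payload echoed back; `Packet`, `RepeatTracker`, `run` and the sample addresses are constructed for illustration.

```python
import hashlib
from collections import namedtuple
# Constructed record; a real sensor would fill these fields from captured packets.
Packet = namedtuple("Packet", "ts src dst icmp_type payload")
ECHO_REQUEST, ECHO_REPLY = 8, 0      # assumption: the exchange is ICMP echo

class RepeatTracker:
    """Count answered copies of one packet per (sender, responder, payload)."""
    def __init__(self, threshold=3, window=60.0):
        self.threshold = threshold   # alert when exchanges exceed this count
        self.window = window         # idle seconds after which state is ignored
        self.state = {}              # key -> [pending, exchanges, last_ts, alerted]

    def feed(self, pkt):
        """Process one packet; return an alert string or None."""
        if pkt.icmp_type not in (ECHO_REQUEST, ECHO_REPLY):
            return None
        is_reply = pkt.icmp_type == ECHO_REPLY
        # A reply travels the reverse path, so swap the addresses for the lookup.
        pair = (pkt.dst, pkt.src) if is_reply else (pkt.src, pkt.dst)
        key = pair + (hashlib.sha256(pkt.payload).hexdigest(),)
        entry = self.state.get(key)
        if entry and pkt.ts - entry[2] > self.window:
            entry = None             # stale: the repetition count starts over
        if entry is None:
            if is_reply:
                return None          # no fresh request to pair this reply with
            entry = self.state[key] = [False, 0, pkt.ts, False]
        entry[2] = pkt.ts
        if not is_reply:
            entry[0] = True          # request seen, waiting for its answer
            return None
        if not entry[0]:
            return None              # duplicate reply, request already counted
        entry[0] = False
        entry[1] += 1
        if entry[1] > self.threshold and not entry[3]:
            entry[3] = True          # alert once per tracked exchange
            return "ALERT %s -> %s: same packet answered %d times" % (pair + (entry[1],))
        return None

def run(packets, **kwargs):
    tracker = RepeatTracker(**kwargs)
    return [alert for alert in map(tracker.feed, packets) if alert]

# Constructed sample: five answered copies of one packet, one second apart.
SAMPLE = [Packet(t + d, *ends, payload=b"probe") for t in range(5)
          for d, ends in ((0.0, ("10.0.0.1", "10.0.0.2", 8)),
                          (0.5, ("10.0.0.2", "10.0.0.1", 0)))]
```

State is kept in memory and never pruned here, so a long-running sensor would also need to evict idle entries.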




                                          