Snort mailing list archives

Re: how to detect CC attack


From: Jamie Riden <jamie.riden () gmail com>
Date: Wed, 2 May 2012 09:12:32 +0100

On 2 May 2012 09:07, 闫振宇 <yanzhenyu () 55tuan com> wrote:

Thank you for your reply.
Perhaps I should count the total connections.

1) the total number of all connections
2) the top 10 IP addresses and their connection counts

But how can I accomplish this goal?
2012-05-02

Sorry, I don't know what we're trying to achieve here... can you
explain a bit better please?

I would suggest that something like ntop or argus may be better for
tracking connections and network statistics than snort. Check out
argus-server and argus-client on Debian.

(ObOnTopic: I tend to run argus on snort sensors if I can, as it's
another data source to look at when doing forensics. Can be handy)

cheers,
 Jamie
-- 
Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
http://uk.linkedin.com/in/jamieriden

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
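
The two counts asked for in the quoted message (total connections, and the top 10 remote addresses by connection count) can be taken from a sensor's or server's connection table. This is an added example, not part of the original thread and not from the ntop or argus tools mentioned in the reply: it assumes the Linux `netstat -nt` column layout, `conn_summary` and `sample_conns` are names made up here, and the sample lines are constructed from documentation address ranges.

```bash
# Constructed sample in `netstat -nt` layout (not captured traffic):
# Proto Recv-Q Send-Q Local-Address Foreign-Address State
sample_conns() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.5:40112       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40113       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.9:33001      ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::beef:40000    ESTABLISHED
EOF
}

# conn_summary [TOP_N]
# Reads connection lines on stdin and prints "total <n>", then
# "<count> <remote-address>" for the TOP_N busiest peers (default 10).
conn_summary() {
  local top="${1:-10}"
  local peers
  # Keep TCP rows that are real connections (skip headers and listeners),
  # then strip the trailing :port so IPv4 and IPv6 peers both survive.
  peers=$(awk '$1 ~ /^tcp/ && $6 != "LISTEN" {
                 ip = $5
                 sub(/:[0-9]+$/, "", ip)
                 print ip
               }')
  # 1) total number of connections
  printf 'total %d\n' "$(printf '%s\n' "$peers" | grep -c .)"
  # 2) top N remote addresses, highest count first, ties ordered by address
  printf '%s\n' "$peers" | grep . | sort | uniq -c |
    sort -k1,1nr -k2,2 | head -n "$top" | awk '{print $1, $2}'
}
```

On a live host the same function reads `netstat -nt | conn_summary`; the result is a point-in-time snapshot, whereas flow records from a tool such as argus cover a time window.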

