Snort mailing list archives
Re: how to detect CC attack
From: Jamie Riden <jamie.riden () gmail com>
Date: Wed, 2 May 2012 09:12:32 +0100
On 2 May 2012 09:07, 闫振宇 <yanzhenyu () 55tuan com> wrote:
> Thank you for your reply. Perhaps I should count the total connection.
> 1) the total number of all connections
> 2) the top 10 ip address and their connection number
> but how can I accomplish this goal?
> 2012-05-02

Sorry, I don't know what we're trying to achieve here... can you explain a bit better please?

I would suggest that something like ntop or argus may be better for tracking connections and network statistics than snort. Check out argus-server and argus-client on Debian.

(ObOnTopic: I tend to run argus on snort sensors if I can, as it's another data source to look at when doing forensics. Can be handy)

cheers,
Jamie
--
Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
http://uk.linkedin.com/in/jamieriden

Current thread:
- how to detect CC attack 闫振宇 (May 01)
- Re: how to detect CC attack Jamie Riden (May 01)
- Re: how to detect CC attack 闫振宇 (May 02)
- Re: how to detect CC attack Jamie Riden (May 02)