Re: Detecting Connections in Snort

• Previous message: Jimi Thompson: "Re: IDS thoughts"
• In reply to: Faiz Ahmad Shuja: "Detecting Connections in Snort"
• Next in thread: Faiz Ahmad Shuja: "RE: Detecting Connections in Snort"
• Reply: Faiz Ahmad Shuja: "RE: Detecting Connections in Snort"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 02 Jun 2003 10:38:11 -0400
To: Faiz Ahmad Shuja <faizshuja@yahoo.it>, focus-ids@securityfocus.com

I understand that exists a particular funcionality in portscan snort's
preprocessor, which let you set a threshold for connections. You can
find more information en Snort 2.0 book (Syngress).

Bye

Marcelo
-.-

Faiz Ahmad Shuja wrote:

>Does anybody have idea about detecting multiple connections from a
>single IP in Snort?. I want to detect multiple connection request from a
>single IP to mail server [port 25]. Somtimes a single IP have taken up
>all the connection slots. Is there anyway to set a threshold?. If I am
>getting multiple connections from a single host to any service and it
>reaches a specific count, I get the alert?.
>
>Please advise.
>
>Thanks!
>
>
>Regards,
>Faiz
>
>

-------------------------------------------------------------------------------
INTRUSION PREVENTION: READY FOR PRIME TIME?

IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities
- including intrusion identification, relevancy, direction, impact and analysis
- enabling a path to prevention.

Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at:
http://www.securityfocus.com/IntruVert-focus-ids2
-------------------------------------------------------------------------------

• Previous message: Jimi Thompson: "Re: IDS thoughts"
• In reply to: Faiz Ahmad Shuja: "Detecting Connections in Snort"
• Next in thread: Faiz Ahmad Shuja: "RE: Detecting Connections in Snort"
• Reply: Faiz Ahmad Shuja: "RE: Detecting Connections in Snort"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]