That works well if you know who is going to be hitting you, but I would like to detect unknown clients.
Paul - v966-5159
Are You Pondering What I'm Pondering? I think so Brain, but, snort, no, no, it's too stupid.
-----Original Message-----
From: David Gore [mailto:David.Gore at verizonbusiness.com]
Sent: Monday, November 06, 2006 2:50 PM
To: hobbit at hswn.dk
Subject: Re: [hobbit] Port Monitoring
Paul Moore wrote:
Is there a way to set up hobbit's port monitoring to alert when a specific device has X number of established connections on a particular port? I.e., alerting when one client has 20 sessions connected to port 80, signifying a DOS attack?
hobbit-clients.cfg:
HOST=myDOSTarget PORT REMOTE=%x.x.x.X.nnn STATE=ESTABLISHED MIN=1 MAX=20
Paul Moore V966-5159 MSO OSS Support
Pinky, Are You Pondering What I'm Pondering? Well, I think so Brain but if Jimmy cracks corn and no one cares, why does he keep doing it?
To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk
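The per-client count asked about in this thread, for clients not known in advance, as an added example that is not part of the original messages and not Hobbit's own code: a shell function that reads `netstat -an` output and lists every remote address holding more than a given number of ESTABLISHED connections to one local port. The function names and the sample netstat lines are constructed for illustration; both the `addr:port` and the `addr.port` endpoint layouts are handled.

```shell
#!/bin/sh
# Added example. Intended use: netstat -an | flag_heavy_clients PORT MAX
# Prints "remote_addr count" for each remote address with more than MAX
# ESTABLISHED connections to local port PORT.
flag_heavy_clients() {
    awk -v port="$1" -v max="$2" '
    # Split an endpoint at its last separator: "a.b.c.d:80" or "a.b.c.d.80".
    function split_ep(s,    i) {
        i = length(s)
        while (i > 0 && substr(s, i, 1) ~ /[0-9]/) i--
        addr = substr(s, 1, i - 1); prt = substr(s, i + 1)
    }
    /ESTABLISHED/ {
        n = 0
        # Endpoint fields end in separator+digits; the first is the local
        # side and the second the remote side in both netstat layouts.
        for (f = 1; f <= NF; f++)
            if ($f ~ /[.:][0-9]+$/) eps[++n] = $f
        if (n < 2) next
        split_ep(eps[1]); if (prt != port) next
        split_ep(eps[2]); count[addr]++
    }
    END {
        for (a in count)
            if (count[a] > max) print a, count[a]
    }' | sort
}

# Constructed sample input (documentation address ranges), mixing the
# "addr:port" layout with the "addr.port" layout.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 10.0.0.5:80     198.51.100.9:40001  ESTABLISHED
tcp        0      0 10.0.0.5:80     198.51.100.9:40002  ESTABLISHED
tcp        0      0 10.0.0.5:80     198.51.100.9:40003  ESTABLISHED
tcp        0      0 10.0.0.5:80     198.51.100.9:40004  TIME_WAIT
tcp        0      0 10.0.0.5:22     198.51.100.9:40005  ESTABLISHED
tcp        0      0 10.0.0.5:80     203.0.113.7:51234   ESTABLISHED
10.0.0.5.80   192.0.2.44.33001  49640  0 49640  0 ESTABLISHED
10.0.0.5.80   192.0.2.44.33002  49640  0 49640  0 ESTABLISHED
EOF
}

sample_netstat | flag_heavy_clients 80 2
```

With the thread's threshold, the call would be `netstat -an | flag_heavy_clients 80 20`.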