monitoring number of simultaneos connection
list Roberto Tagliaferri
Tue, 26 Sep 2006 10:01:52 +0200
Message-Id: <user-fbf728274455@xymon.invalid>
Is there a way to monitor the number of simultaneous open port from the same ip?
I need to alert when an (stupid...) attacker send a thing like this
tcp 0 0 151.8.36.12:80 206.225.82.32:9654 SYN_RECV tcp 0 0 151.8.36.12:80 206.225.82.32:63256 SYN_RECV tcp 0 0 151.8.36.12:80 206.225.82.32:11611 SYN_RECV tcp 0 0 151.8.36.12:80 206.225.82.32:55544 SYN_RECV tcp 0 0 151.8.36.12:80 206.225.82.32:55045 SYN_RECV tcp 0 0 151.8.36.12:80 206.225.82.32:949 SYN_RECV tcp 0 0 151.8.36.12:80 206.225.82.32:19880 SYN_RECV tcp 0 0 151.8.36.12:80 206.225.82.32:13331 SYN_RECV tcp 0 0 151.8.36.12:80 206.225.82.32:31280 SYN_RECV tcp 0 0 151.8.36.12:80 206.225.82.32:44500 SYN_RECV tcp 0 0 151.8.36.12:80 206.225.82.32:11909 SYN_RECV tcp 0 0 151.8.36.12:80 206.225.82.32:58313 SYN_RECV tcp 0 0 151.8.36.12:80 206.225.82.32:47932 SYN_RECV tcp 0 0 151.8.36.12:80 206.225.82.32:15468 SYN_RECV tcp 0 0 151.8.36.12:80 206.225.82.32:2060 SYN_RECV tcp 0 0 151.8.36.12:80 206.225.82.32:56875 SYN_RECV tcp 0 0 151.8.36.12:80 206.225.82.32:45630 SYN_RECV
--
Roberto Tagliaferri
Responsabile Progettazione & Produzione
TosNet s.r.l. - Internet Service Provider
user-ad26667b6a89@xymon.invalid
www.tosnet.it