That works good if you know who is going to be hitting you but I would like
to detect unknown clients.
Paul - v966-5159
-=-=-
Are You Pondering What I'm Pondering?
I think so Brain, but, snort, no, no, it's too stupid.
-----Original Message-----
From: David Gore [mailto:user-3e5761c68b56@xymon.invalid] Sent: Monday, November 06, 2006 2:50 PM
To: user-ae9b8668bcde@xymon.invalid
Subject: Re: [hobbit] Port Monitoring
Paul Moore wrote:
Is there a way to setup hobbit's port monitoring to alert when a specific
device has X number of established connections on particular port? IE
alerting when one client has 20 sessions connected to port 80 signifying a
DOS attack?
hobbit-clients.cfg:
HOST=myDOSTarget
PORT REMOTE=%x.x.x.X.nnn STATE=ESTABLISHED MIN=1 MAX=20
Paul Moore V966-5159
MSO OSS Support
-=-=-=-=-=
Pinky, Are You Pondering What I'm Pondering?
Well, I think so Brain but if Jimmy cracks corn and no one cares, why does
he keep doing it?