[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
monitoring number of simultaneos connection
- To: Lista Hobbit <hobbit (at) hswn.dk>
- Subject: monitoring number of simultaneos connection
- From: Roberto Tagliaferri <r.tagliaferri (at) tosnet.it>
- Date: Tue, 26 Sep 2006 10:01:52 +0200
- Organization: Tosnet srl
- User-agent: Mozilla/5.0 (X11; U; Linux i686; it; rv:1.8.0.4) Gecko/20060516 Thunderbird/1.5.0.4 Mnenhy/0.7.4.666
Is there a way to monitor the number of simultaneous open port from the
same ip?
I need to alert when an (stupid...) attacker send a thing like this
tcp 0 0 151.8.36.12:80 206.225.82.32:9654
SYN_RECV
tcp 0 0 151.8.36.12:80 206.225.82.32:63256
SYN_RECV
tcp 0 0 151.8.36.12:80 206.225.82.32:11611
SYN_RECV
tcp 0 0 151.8.36.12:80 206.225.82.32:55544
SYN_RECV
tcp 0 0 151.8.36.12:80 206.225.82.32:55045
SYN_RECV
tcp 0 0 151.8.36.12:80 206.225.82.32:949
SYN_RECV
tcp 0 0 151.8.36.12:80 206.225.82.32:19880
SYN_RECV
tcp 0 0 151.8.36.12:80 206.225.82.32:13331
SYN_RECV
tcp 0 0 151.8.36.12:80 206.225.82.32:31280
SYN_RECV
tcp 0 0 151.8.36.12:80 206.225.82.32:44500
SYN_RECV
tcp 0 0 151.8.36.12:80 206.225.82.32:11909
SYN_RECV
tcp 0 0 151.8.36.12:80 206.225.82.32:58313
SYN_RECV
tcp 0 0 151.8.36.12:80 206.225.82.32:47932
SYN_RECV
tcp 0 0 151.8.36.12:80 206.225.82.32:15468
SYN_RECV
tcp 0 0 151.8.36.12:80 206.225.82.32:2060
SYN_RECV
tcp 0 0 151.8.36.12:80 206.225.82.32:56875
SYN_RECV
tcp 0 0 151.8.36.12:80 206.225.82.32:45630
SYN_RECV
--
Roberto Tagliaferri
Responsabile Progettazione & Produzione
TosNet s.r.l. - Internet Service Provider
r.tagliaferri (at) tosnet.it
www.tosnet.it